Stolen Casino Rama customer data has surfaced online one day after the casino announced it had been the victim of a cyberattack.
On Thursday, Ontario’s Casino Rama announced that an “anonymous
threat agent” had infiltrated its data networks and made off with “past and present customer, employee and vendor information” dating as far back as 2004. The company became aware of the breach on November 4.
On Friday, Toronto’s CityNews reported that the anonymous hacker had posted some of the stolen data online, along with a warning that the entire data trove would be posted within 72 hours.
The hacker’s post included a note saying it was “extremely simple” to access Casino Rama’s files and that “no security systems were in place leaving the whole casino network wide open.” The hacker slammed the casino for convincing the public “that they take the protection of data and customer information seriously when really they don’t.” Neither the hacker nor Casino Rama have so far publicly indicated that the breach was part of an attempt to extort the casino.
CityNews said some of the posted data includes customer credit and betting histories, collection agency info related to a $100k debt owed by an Ontario resident, copies of faxes sent from the casino to banks regarding authorization to maintain credit for use at Rama, and annual performance reviews of Rama staff members.
As further evidence that when it rains, it pours, Friday also brought word of a C$50m privacy breach class action lawsuit proposed by Charney Lawyers PC and Sutts, Strosberg LLP on behalf of Casino Rama staff, customers and vendors. The attorneys have set up a website so that affected individuals can add their name to the suit.
Casino Rama is the Canadian province’s only First Nations-owned casino. Its gaming operations are managed by US regional casino operator Penn National Gaming. The casino has stressed that its games weren’t subject to the data breach.