The First Nations-owned Casino Rama Resort in Ontario, Canada was the victim of a cyberattack by ‘an anonymous threat agent’ on November 11. The unidentified hacker claimed to possess past and present customer, employee and vendor information which dated as far back as 2004.
The casino had alerted provincial and federal police as well as the Ontario Lottery and Gaming Corporation (OLGC) and had been working day and night with technology experts to determine the extent of the problem. A webpage was setup by the casino to keep affected individuals up to date on the latest news and advised customers, employees and vendors to monitor their financial accounts for signs of dubious activity.
A day after the casino made the announcement about its cyberattack, the anonymous hacker posted parts of the stolen data online along with a warning that the rest of the data cache would be posted within 72 hours. Casino officials have stated that they became aware of the threat on November 4th and stressed that a number of security measures were in place and that their games were secure.
In contrast to the casino’s statement, the hacker claimed that it was extremely simple to access Casino Rama’s files as no proper security systems were in place to protect the casino’s data and customer information. So far, neither the hacker nor Casino Rama has publicly indicated that the breach was part of an attempt to extort the casino.
CityNews reported that the posted data included customer credit and betting histories, copies of faxes sent from the casino to banks regarding authorization to maintain credit for use at Rama, collection agency information related to a $100k debt owed by an Ontario resident and annual performance reviews of Rama staff members.
A C$50m privacy breach class action lawsuit proposed by Charney Lawyers PC and Sutts, Strosberg LLP on behalf of Casino Rama staff, customers and vendors was filed on Nov 11th and a website was setup by the attorneys so that affected individuals could add their name to the suit.
Casino Rama isn’t the first gaming venue to be hacked. In 2014, Sands Bethlehem’s data network was infiltrated by hackers. UK bookmaker William Hill was victim of a cyber attack a week ago. The attackers were believed to be employing the new Mirai botnet, a source code that powers the “Internet of Things” (IoT) botnet. This source code was responsible for launching distributed denial-of-service (DDoS) attacks on a host of websites, leaving mainstream sites like Twitter and Reddit And inaccessible.