On the one hand, Ontario police are investigating what could have been one of the biggest data breaches in the province, the data breach that has reportedly happened at the Casino Rama Resort in the cottage country north of Toronto. On the other hand, the hacker who is behind this has reportedly claimed to have accessed lots of personal data, including accessed customer, employee and vendor information, some of which dates back nine years.
A statement on the Casino Rama Resort website says- “Casino Rama Resort recently became aware that it has been the victim of a cyberattack that resulted in the theft of (past and present) customer, employee and vendor information…We are working with the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario, and have alerted the Privacy Commissioner of Canada and the Information and Privacy Commissioner of Ontario.”
The statement also says- “The hacker claims to have accessed information that includes Casino Rama Resort IT information, financial reports regarding the hotel and casino, security incident reports, Casino Rama Resort email, patron credit inquiries, collection and debt information, vendor information and contracts and employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth. The hacker claims that the employee information dates from 2004 to 2016, and that some of the other categories of information taken date back to 2007. “
Casino Rama Resort is operated by Penn National Gaming, Inc and has over 2,500 slot machines, more than 110 gaming tables, 8 unique restaurants, a world-class 5,000 seat Entertainment Centre, and a 300-room all-suite, full-service hotel, with facilities like spa and health club.
Casino Rama Resort clarifies that there are no indications that the hacker may still be having access to its network or systems. However, the statement on the Casino Rama Resort website says- “It is possible, however, that the hacker will publish information that was stolen previously.” There is also this request that is made through the statement- “We urge past and present Casino Rama Resort employees and customers who have provided personal or financial information to the casino to actively monitor their financial accounts and information, and to report any suspicious activity immediately to their financial institutions.”
Earlier in March this year, the River Cree Resort and Casino in Alberta, a data breach was detected, which too had led to the identity theft of customer and employee information.