- Super Casino Security Breach
- Casino Security Breach Meaning
- Casino Security Breach 2020
- Casino Security Systems
- Casino Security Breach Credit Monitoring
- Casino Security Pay Scale
Jan 09, 2020 The City of Las Vegas has contained a cyber breach, officials say, after hackers compromised systems, causing some initial service outages. The attack was first flagged at 4:30 a.m. In February, the casino operator confirmed that it had been hacked in summer 2019, and certain information — including some guests’ driver’s license and passport information — had been stolen from.
Last Updated March 25, 2019
Privacy Breach at the Casino Rama Resort
On November 10, 2016, the Casino Rama Resort (Casino Rama) announced that it was informed on November 4, 2016 that its internal computer network was subjected to a cyberattack in which confidential data of employees, customers and vendors was stolen. The privacy breach was reported to the Privacy Commissioner of Canada and the Information and Privacy Commissioner of Ontario. Casino Rama reported that it is also working with the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario to address the issue.
Updates
May 7, 2019
Superior Court declines to certify class action against Casino Rama.
Read the decision here.
March 25, 2019
The Privacy Complaint Report of the Information and Privacy Commissioner of Ontario was released on January 30, 2019. In the report, the investigator concludes:
- Casino Rama did not have reasonable security measures in place to prevent unauthorized access to records.
- A total of 39 Casino Rama network systems had been compromised in the attack.
- A number of security measures required by legislation were not implemented at the time of the cyber attack.
- Audit report recommendations made by the AGCO in 2015 were not implemented at Casino Rama due to limited IT resources. The failure of Casino Rama to implement the audit report recommendations contributed to the cyber attack.
A summary of the Privacy Complaint report prepared by Charney Lawyers can be found here.
The Privacy Complaint Report of the Information and Privacy Commission of Ontario can be found here.
January 17, 2019
In November 2018, the certification hearing commenced before Justice Belobaba, but was adjourned at the court’s request to allow for further evidence to be filed on the scope of the breach and the number of affected individuals. We anticipate the hearing will resume in spring 2019 and will post further information when it becomes available. We encourage anyone who received notice of the breach from Casino Rama or who was affected by the breach to register at the link above and to continue to visit this site for further updates.
November 2, 2018 – The motion to certify this action as a class action will be heard on November 7 and 8, 2018 in Toronto.
Super Casino Security Breach
June 6, 2018 – The plaintiffs recently successfully argued a motion to compel the defendants to produce an investigation report authored by Mandiant, a third party cybersecurity company. Mandiant was hired by Casino Rama to investigate the breach immediately after it occurred, and produced a report on its findings. Casino Rama claimed privilege over the Mandiant report, but Justice Glustein ruled that privilege had been waived and ordered the production of relevant portions of the report. You can read Justice Glustein’s reasons for decision here.
Casino Security Breach Meaning
The Privacy Complaint Report of the Information and Privacy Commission of Ontario can be found here.
January 17, 2019
In November 2018, the certification hearing commenced before Justice Belobaba, but was adjourned at the court’s request to allow for further evidence to be filed on the scope of the breach and the number of affected individuals. We anticipate the hearing will resume in spring 2019 and will post further information when it becomes available. We encourage anyone who received notice of the breach from Casino Rama or who was affected by the breach to register at the link above and to continue to visit this site for further updates.
November 2, 2018 – The motion to certify this action as a class action will be heard on November 7 and 8, 2018 in Toronto.
Super Casino Security Breach
June 6, 2018 – The plaintiffs recently successfully argued a motion to compel the defendants to produce an investigation report authored by Mandiant, a third party cybersecurity company. Mandiant was hired by Casino Rama to investigate the breach immediately after it occurred, and produced a report on its findings. Casino Rama claimed privilege over the Mandiant report, but Justice Glustein ruled that privilege had been waived and ordered the production of relevant portions of the report. You can read Justice Glustein’s reasons for decision here.
Casino Security Breach Meaning
Casino Rama’s Press Statements
On November 10, 2016, Casino Rama posted a statement on its website announcing the privacy breach. On November 11, 2016, Casino Rama update the statement to indicate that personal information obtained by hackers has been posted online. The statement can be viewed here.
Who Is Affected and What Confidential Information Was Compromised?
According Casino Rama’s statement, an anonymous hacker claims to have stolen confidential employee information from 2004 to 2016 including performance reviews, payroll data, terminations, social insurance numbers and dates of birth.
Casino Rama also stated that the hacker claims to have stolen other confidential information dating back to 2007, including the Casino Rama’s IT information, hotel and casino financial reports, security incident reports, email, customer credit inquiries, collection and debt information and vendor information and contracts. Some of Casino Rama’s affected customers received an email from Casino Rama advising of the privacy breach.
Privacy Commissioner Investigation
The privacy breach was reported to the Privacy Commissioner of Canada and the Information and Privacy Commissioner of Ontario. On November 10, 2016, the Information and Privacy Commissioner of Ontario posted a statement advising that it has launched an investigation. The statement may be viewed here.
Casino Rama Privacy Breach Class Action
On November 14, 2016, Charney Lawyers PC and Sutts, Strosberg LLP (now Strosberg Sasso Sutts LLP) commenced a national class action on behalf of Casino Rama employees (past and present), customers and vendors for damages arising from the privacy breach. The plaintiffs also seek damages on behalf of members of the OLG’s Self-Exclusion Program whose personal information was provided to Casino Rama by the OLG.
The proposed class consists of all persons residing in Canada, excluding the defendants and the defendants’ executives, whose personal information was collected by Casino Rama, or was provided to Casino Rama by the OLG, and was then stolen or accessed in the breach.
The defendants are Casino Rama Services, Inc., the OLG, CHC Casinos Canada Limited and Penn National Gaming, Inc.
In the action, the plaintiffs assert that the defendants were negligent and that Casino Rama breached its Privacy Policy by failing to take reasonable security measures to protect against unauthorized access to class members’ personal and confidential information.
On May 10, 2017, Justice Belobaba of the Superior Court of Justice in Toronto ordered that carriage of the proposed class action be granted to the plaintiffs represented by Charney Lawyers PC and Strosberg Sasso Sutts LLP, who have served a motion record for certification of the proposed class action. A copy of the decision can be viewed here. A separate class action concerning the Casino Rama privacy breach, commenced by Flaherty McCarthy LLP in Oshawa, has been stayed. The plaintiffs’ motion for certification of the proposed class action has been delayed due to the unavailability of the court to hear the motion as originally scheduled. New dates have been booked for the hearing of the certification motion on April 25-27, 2018. Further details on the outcome of that motion will be posted here as soon as they are available.
What to Do Next?
Anyone who received a notice of the privacy breach from Casino Rama or who believes their private information may have been compromised is urged to immediately notify their banks and credit card companies and to monitor their accounts for suspicious activities. Affected individuals may also contact a credit bureau such as TransUnion Canada or Equifax to determine whether there have been any unauthorized transactions on their accounts to explore options to purchase credit protection services.
Register for the Casino Rama Class Action
Employees, customers or vendors of Casino Rama who provided their confidential information to Casino Rama as early as 2004 and/or who received Casino Rama’s notice of the breach are also urged to REGISTER HERE to receive updates about the class action, especially if there is a settlement or award of damages.
Contact Us
If you have any questions, please contact:
Tina Q. Yang
Charney Lawyers PC
tinay@charneylawyers.com
David Robins
For the second time in about a year, the Hard Rock hotel-casino's card payment system has been breached.
The casino says customers' names, card numbers and verification codes were exposed.
The breach affects cards used at the hotel between last October and this March.
Hard Rock released a statement on the breach:
Casino Security Breach 2020
'Hard Rock Hotel & Casino Las Vegas values the relationship we have with our customers, which is why we are notifying you of an incident that may involve your payment card.
'After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist. On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the program only found payment card data that did not include cardholder name. No other customer information was involved. It is possible that cards used at certain restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could have been affected.
Casino Security Systems
'It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take to protect your information.Casino Security Breach Credit Monitoring
Casino Security Pay Scale
We have notified law enforcement officials and are supporting their investigation. We are also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards. We also continue to work with the cyber security firm to further strengthen the security of our systems to help prevent this from happening in the future.'