Massive Hack on Canadian Casino Prompts $50 Million Lawsuit

Posted on: November 14, 2016, 03:00h. 

Last updated on: November 14, 2016, 04:00h.

 Casino data breached, Charney files lawsuit
Ted Charney of Charney Lawyers believes the Casino Rama Resort has failed in its care of duty to its customers and staff and has filed a $60 million lawsuit. (Image: Bernard Weil/Toronto Star)

The Casino Rama Resort in Ontario has been forced to warn its customers and employees after a cyber attacker breached its systems, stealing more than a decade’s worth of sensitive data.

The casino learned of the compromise on November 4th when it was contacted by the hacker, who claimed to have sensitive information dating back to 2004.

This included everything from financial reports to security documents, emails, credit enquiries, debt information, vendor listings, employee contracts, payroll data, social insurance numbers and dates of birth, the casino said.

On November 10th the casino issued its warning, asking customers, employees and vendors to monitor and verify all bank accounts, credit card and other financial transaction statements, and to report any suspicious activity to the appropriate financial institution.

The following day, Casino Rama acknowledged that some of the data had already been posted online.

$60 Million Lawsuit

“Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers’, employees’ and vendors’ personal information very seriously,” said the company. “Our internal teams have been working with cybersecurity experts around the clock.”

But the damage was done, and meanwhile at least two ambulance-chasing law firms have jumped on the case. On Monday, lawyers filed a $50 million lawsuit on behalf of “all residents of Canada whose private information was stolen or accessed without authorization because of the breach.”

The firms are seeking $50 million in damages plus $10 million in punitive damages and they’re asking potential victims to sign up, arguing that the casino failed in its duty of care to its customers and employees.

“This is a massive privacy breach,” said Ted Charney of Charney Lawyers. “We still do not know the whole story but it looks like Casino Rama rolled the dice with employee, customer and vendor data rather than invest in state-of-the-art security measures.”

Destination Dark Web

Casino Rama is owned jointly by the First Nations, the Ontario and Lottery Gaming Corporation and Penn National Gaming, and operated by the latter.

In a statement issued to local media, a spokeswoman for the casino said it was working closely with law enforcement to “mitigate any potential action by the hacker.”

“Usually the information ends up for sale on the Dark Web,” J. Paul Haynes of Canada-based security firm eSentire told Yahoo News. “In this case like this, where hackers have targeted and obtained sensitive personably identifiable information like social insurance numbers and credit information, the effects of a breach can be felt for months and sometimes even years.”