Rivers Casino Des Plaines Hit With Class-Action Lawsuit Over August Data Breach

Posted on: December 14, 2023, 09:58h. 

Last updated on: December 15, 2023, 09:34h.

Devin O'Connor @CasinoorgDevinO Read More
Expertise: Asia Pacific Gaming, Commercial Gaming, Legislation, Politics.

Rivers Casino Des Plaines in Illinois is facing a proposed class-action lawsuit for its role in an August cyberattack that resulted in thousands of individuals having their data seized.

Rivers Casino Des Plaines cyberattack data breach
Anyone who has recently visited Rivers Casino Des Plaines in Illinois would be smart to check their free credit report after the casino said it was the victim of a cyberattack. The incident resulted in personally identifiable information being accessed. (Image: Imgur)

Filed in Illinois’ Northern District federal court, attorneys representing the class plaintiffs, including over 100 individuals, allege negligence on the casino’s behalf for failing to secure its IT network properly. The lawsuit seeks damages, restitution, and injunctive relief for the class.

Rivers was the victim of a cyberattack that casino reps said occurred around August 12. The incident, however, was only uncovered in early November. Rush Street Gaming, the Chicago-based parent company of the casino, said employee and patron names and their sensitive information, including Social Security and passport numbers, were compromised.

Lead plaintiff Michael Glebiv claims his information was part of their seizure. He says he wouldn’t have patronized Rivers Casino Des Plaines and entrusted his personal information with the business “had he known that Rivers Casino would fail to maintain adequate data security.”

Cyberattack Details

Rivers Casino Des Plaines suffered an unauthorized entry of its IT network in what appears to be a similar incident to the cyberattacks levied recently against MGM Resorts and Caesars Entertainment. An international group of hackers identified as Scattered Spider took credit for the MGM and Caesars onslaughts.

The Rivers cyberattack didn’t disrupt operations, as the casino operated normally on August 12 and the surrounding days. A cybersecurity firm investigating the breach doesn’t believe credit card information was stolen.

However, the lawsuit contends that hackers obtaining personal information like tax identification numbers and government IDs pose significant theft risks for the impacted workers and customers.

Data thieves regularly target companies like Defendant’s due to the highly sensitive information that they custody. Defendant knew and understood that unprotected personal identifiable information is valuable and highly sought after by criminal parties who seek to illegally monetize that PII through unauthorized access,” the lawsuit contends. “The ramifications of Defendant’s failure to keep secure the PII of Plaintiff and Class Members are long-lasting and severe. Once PII is stolen — particularly Social Security numbers — fraudulent use of that information and damage to victims may continue for years.”

The class-action suit includes five counts, including negligence, negligence per se, breach of implied contract, unjust enrichment, and Illinois Consumer Fraud Act violation.

Rivers Denies Responsibility

Rush Street Gaming hasn’t yet filed its legal response to the allegations made in the class-action lawsuit. Still, the company said in announcing the data breach last month that it “utilizes robust security protocols” and took immediate steps to “contain the threat and secure our systems” upon detection of the incident.

Rush maintains “no indication of financial fraud or identity theft related to this incident.” The casino offers complimentary identity monitoring and protection services for those the data breach might have impacted.

The casino assists the impacted class with placing a Fraud Alert and Security Freeze on their credit files and obtaining free credit reports. The casino has also set up a dedicated and confidential toll-free response line for questions about the incident at 866-983-3108.