Station Casinos Hacked Earlier This Year
Posted on: May 31, 2026, 10:18h.
Last updated on: May 31, 2026, 10:18h.
- Station Casinos suffered a March 2026 data breach involving unauthorized access to an employee’s account
- Compromised data included sensitive personal information like Social Security numbers, prompting credit monitoring services for victims
- The company claims the breach did not negatively impact its overall casino business operations
Station Casinos quietly joined the growing list of Las Vegas gaming companies hit by hackers earlier this spring.
Palace Station is one of six locals casinos operated by Station Casinos in the Las Vegas area. (Image: Shutterstock)According to a data‑breach notice filed with the Maine Attorney General’s Office, Station Casinos — which operates Red Rock Casino Resort Spa, Green Valley Ranch Resort Spa Casino, Palace Station Hotel & Casino, Boulder Station, Sunset Station, and Durango Casino & Resort — discovered on March 5, 2026, that an “external threat actor” had gained unauthorized access to its computer systems.
The company said the intrusion was detected the day it occurred, and later determined that a single employee’s account and associated files were compromised.
Customer notifications began on May 21, 2026, with cybersecurity outlet Cybernews publishing the first detailed story the following day. The filing notes that at least one Maine resident’s data was involved, triggering that state’s reporting requirements.
Station told Cybernews the incident did not affect casino operations and that it immediately brought in outside cybersecurity experts and notified law enforcement.
The company has publicly disclosed neither how many people were affected nor what type of data was exposed. However, some of that predictable information was shared by Casino.org’s own Vital Vegas, who tweeted out one of Station’s breach notices to its customers on May 31, 2026.
“On April 15, 2026, our investigation determined that some of your personal information may have been accessed by an unauthorized individual, including your name and date of birth, Social Security Number,” it read, offering complimentary credit monitoring and identity‑theft protection to potentially affected individuals.
A spokesperson told Cybernews the company does not believe the incident will have a material adverse effect on its financial condition or results of operations. Red Rock Resorts, Station’s parent company, has reported revenues in the $1.7-$2.1 billion range in recent years.
The March 5 cyber incident has not been linked to the five‑hour power outage that unplugged the Red Rock casino floor on May 29, 2026.
No comments yet