Station Casinos Hit With Class-Action Suit Over Cyberattack
Posted on: June 3, 2026, 10:58h.
Last updated on: June 3, 2026, 10:58h.
- A newly filed class-action lawsuit alleges that Station Casinos failed to take adequate steps to secure customer data during a March 2026 cyberattack
- The suit claims the locals casino company’s inadequate security systems allowed unauthorized access to sensitive personal information
- Station Casinos is the fifth major Nevada casino operator to suffer a significant cyberattack since 2023
A Clark County woman has filed a class-action lawsuit in federal court against Station Casinos, accusing the locals‑casino company of failing to safeguard customer data exposed in a recently revealed March 2026 cyberattack.
According to the Las Vegas Review‑Journal, plaintiff Susan Geiner filed the complaint on Thursday, May 29, in U.S. District Court in Nevada, both individually and on behalf of a broader group of customers allegedly affected by the breach. Red Rock Resorts Inc., the parent company of Station Casinos, is listed as the defendant.
Station confirmed the intrusion to the cybersecurity media outlet Cybernews a day after notifications to potentially affected customers went out on May 21, 2026. The notification offered free credit‑monitoring and identity‑theft protection to impacted customers.
Filed by the Las Vegas‑based Freedom Law Firm and Ahdoot & Wolfson of King of Prussia, Pennsylvania, the lawsuit argues that Station Casinos should have recognized the appeal of its customer data to cybercriminals and implemented stronger safeguards.
“The hospitality and gaming industries are a prime target for ransomware attacks such as this because these organizations store vast amounts of sensitive data, including (Social Security numbers), financial information, and personal identification details,” the lawsuit states. “This data is incredibly valuable on the black market, where it can be sold for purposes such as identity theft and fraud. The high demand for this data makes hotels and casinos a lucrative target for cybercriminals.”
The filing also alleges that Station’s internal security systems were inadequate and failed to detect the breach in progress.
“The fact that the hackers could perform these overt, noisy operations without detection strongly suggests that defendants failed to implement and maintain the necessary monitoring and alerting systems, including endpoint detection and response tools, sufficient to timely identify malicious activity and empower defendants cybersecurity staff to stop or limit the attack,” the filing states.
Geiner seeks a jury trial and “appropriate monetary relief, including actual damages, statutory damages, equitable relief, restitution, disgorgement and statutory costs,” according to the R-J. Her suit also asks the court to require Station Casinos to cover the cost of notifying class members and administering any claims process, along with prejudgment and post‑judgment interest, attorneys’ fees, and “further relief as this court may deem just and proper.”
Station Casinos operates the Red Rock Casino Resort Spa, Green Valley Ranch Resort Spa Casino, Palace Station Hotel & Casino, Boulder Station, Sunset Station, and Durango Casino & Resort in Las Vegas.
The breach makes Station the fifth major area casino operator hit by a cyberattack in less than three years. Wynn Resorts disclosed an October 2025 attack in February 2026; Boyd Gaming suffered one in September 2025; MGM Resorts International was crippled by a high‑profile September 2023 intrusion; and Caesars Entertainment was hacked in August 2023.
No comments yet