Casino Rama hack highlights cyber theft risk to personally identifying information

The Casino Rama Resort in Rama, Ontario, has issued a statement affirming that it has been “the victim of a cyberattack that resulted in the theft of (past and present) customer, employee and vendor information,” and is now advising its “customers, employees and vendors to monitor and verify all bank accounts, credit card and other financial transaction statements and report any suspicious activity to the appropriate financial institution.”
The data included financial reports, payroll records, IT information, security incident reports, email, patron credit inquiries, collection and debt information, vendor information and contracts and employee information, including performance reviews, payroll data, terminations, social insurance numbers and dates of birth.
The casino first became aware of the hack on November 4 when they were contacted by the hacker, and says in their statement, “There is no indication that the hacker continues to have access to the Casino Rama Resort system. It is possible, however, that the hacker will publish information that was stolen previously.”
The hacker claims that the employee information dates from 2004 to 2016, and that some of the other categories of information taken date back to 2007.
The casino assures its customers that it has been working “around the clock” with cyber security experts “to neutralize the issue and provide further safeguards to our systems.”
The Ontario Lottery and Gaming Commission has assured people who visit other casinos that the attack was site-specific, and that they need not worry that all casinos are leaking information.
Even so, the Casino Rama hack is simply the latest example of organizations being targeted by cyber thieves.
J. Paul Haynes, CEO of Cambridge, Ontario’s eSentire, tracks the nature and scope of hacks, while also selling solutions to companies looking to protect themselves.
“With over three million customers per year and more than 2,000 staff and a number of third party vendors, thousands of individuals could be impacted. All former and current customers and employees should remain vigilant and monitor their accounts for compromise,” says Haynes of the Casino Rama hack. “In a case like this where hackers have targeted and obtained sensitive personally identifiable information (PII) like social insurance numbers and credit card information, the effects of a breach can be felt for months and sometimes even years; usually the information ends up for sale on the dark web.”
While no one is immune to cyber theft, there are particular targets that it makes sense from a hacker’s perspective to attack.
“Even organizations who go to great lengths when it comes to security, can fall victim to a cyberattack,” says Haynes. “The individuals targeting these organizations are using sophisticated toolkits designed to find and exploit any potential points of network entry. Midsized organizations are a popular attack target as they typically don’t have the same level of cybersecurity defenses as their larger peers. Continuous, eyes-on-glass network monitoring is essential to detect and stop the kinds of sophisticated attacks targeting businesses today.”
The fact that most mid-sized organizations lack the budget to continuously monitor cyber security merely highlights the fact that entrusting your personally identifying information to their care remains a gamble.