A First Nations resort casino in Ontario has confirmed in a statement that it was the victim of a cyberattack—one that resulted in the theft of customer, employee and vendor information.
Casino Rama Resort became aware of the data breach on its systems on November 4.
In a release, the casino said that it is working with the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario (AGCO) on the investigation and containment of the data breach. The casino has also alerted the Office of the Privacy Commissioner of Canada (OPC) and the Information and Privacy Commissioner of Ontario (IPC) regarding the incident.
“Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers’, employees’ and vendors’ personal information very seriously,” said Casino Rama Resort president and CEO John Drake.
The hacker purportedly involved with the incident has claimed to have stolen data such as the casino’s IT information, financial reports related to the hotel and casino, security incident reports, casino employee emails, patron credit inquiries, collection and debt information, vendor information and contracts and employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth. The hacker also claims that the stolen employee information dates from 2004 to 2016, and some other data date as far back as 2007.
“Casino Rama Resort deeply regrets this situation and recognizes the seriousness of this issue. Our teams have been working around the clock with cyber security experts,” said Drake in a statement. “We appreciate the understanding of our customers, employees and stakeholders as we continue to investigate.”
The casino is advising customers, employees and vendors to monitor and verify their bank accounts, credit cards, and other financial transaction statements. Any suspicious activity detected should be reported to the appropriate financial institution.
A statement from Casino Rama reported that there seems to be no indication that the hacker continues to have access to the system. The casino additionally warns that the hacker could publish the stolen information online for everyone to see.
Related stories:
Yahoo expected to confirm massive data breach
Massive hack investigated by RCMP
