Legal action is taken after a multi-casino ransomware attack.
A recent casino breach in southern Nevada, during which over 200,000 customer’s personal data was stolen from two of its three locations, has sparked a class-action lawsuit against parent company Rancho Mesquite. Rancho Mesquite owns and operates three separate locations, including Rising Star Sports Ranch Resort, also in Mesquite, the Eureka Casino in Las Vegas, and The Brook in Seabrook, New Hampshire.
Reports indicated that the information compromised included personal details such as the full names of customers and their social security numbers. A letter to casino clients released by Rancho Mesquite revealed, “On November 9, 2022, Eureka experienced a cybersecurity incident during which some of our systems were encrypted by an unauthorized actor. Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist. Although the investigation is ongoing, we identified certain data that the unauthorized actor accessed during the incident. We began a review of the data and identified that the data included some of your information. Specifically, the data included your name and Social Security number.”
The company indicated it proactively urged its customers to remain vigilant as a result of the breach, checking for any suspicious transactions such as loans opened in their names, medical bills tied to their information, tax bills, or any other forms of identity theft. It also began offering a specialized phone line and a crediting monitoring system for a year.
According to the court filing, however, Rancho Mesquite alleged failed to properly encrypt this sensitive data in its computer systems in the first place, making it vulnerable to hackers. The suit was originally filed in Las Vegas court by a plaintiff from California whose computer was part of the attack. A ransomware breach typically involves a organization’s computer security system, where personal information is compromised, and the hacker or hackers demand a “ransom” in order to release the information back to the affected group.
The lawsuit also alleges Rancho Mesquite did not notify its consumers until well after their data was stolen – it officially reached out in December 2022. Plaintiffs are seeking monetary damages and asking the company to tighten security measurements moving forward.
Back in 2021, the Nevada Gaming Control Board (NGCB) notified casinos that cyberattacks could be affecting their security systems. “With these cash-heavy businesses, it’s going to be a big deal going forward and a major challenge,” J Brin Gibson, head of the NGCB, said at the time.
Several casinos around the nation had to temporarily close their doors during that time to deal with these types of attacks. In June 2021, for example, six tribal-led casinos in Oklahoma, known as the Lucky Star Casinos, closed their doors. This has also affected other high profile gambling facilities in California and Las Vegas.