CityNews has obtained pages appearing to be cyberhack data that is part of the massive Casino Rama cyber breach first reported Thursday.
The links include collection agency information, revenue reports from the casino and hotel, and even customers’ credit and betting histories. The information was posted on a website used for anonymously posting text.
One segment of the leak includes information revealing the $100,000 debt of one Ontario resident, as recent as March 2016. Other parts include faxes from the casino to bankers, certifying authorization to maintain credit for use at Rama. An annual performance review of one female employee is also on the page, articulating her “willingness to deliver excellent customer service every shift.”
The apparent source of this hack begins the post with a letter speaking to the ease of the breach, writing it was “extremely simple” and that “no security systems were in place leaving the whole casino network wide open.”
It is signed, “Anonymous Threat Agent.”
The page also writes of a complete leak of information on the Internet within 72 hours. The information was posted on Friday.
CityNews verified that names listed in the data correspond with social media profiles that identify Casino Rama as a place of employment. On Friday evening Casino Rama released the following statement:
“There is now evidence that stolen customer and employee personal information has been published on the Internet.
We urge past and present Casino Rama Resort employees and customers who have provided personal or financial information to the casino to actively monitor their financial accounts and information, and to report any suspicious activity immediately to their financial institutions.
There is an ongoing investigation into this matter by law enforcement and we will not be confirming any of the stolen data to protect the identity of any affected individuals.
Casino Rama Resort deeply regrets the situation and recognizes the seriousness of this issue. While we continue to investigate we appreciate the understanding of our customers, employees and stakeholders.”
The posted letter suggests a vulnerability at the Casino itself, writing, “It is in a corporations (sic) best interest to convince the public that they take the protection of data and customer information seriously, when really. They don’t.”
In a statement to CityNews, the Ontario Lottery and Gaming Corporation writes that IT controls are regularly updated, and “This incident is contained to the Casino Rama Resort and not linked to OLG or other gaming facilities in Ontario.”
Two Toronto law firms announced Friday that they are launching class action lawsuits in connection to this hack. Charney Lawyers PC and Sutts, Strosberg LLP are launching a $50 million suit against Casino Rama for a national privacy breach.
On Monday, Flaherty McCarthy LLP will also launch at $500 million class action suit against Casino Rama Inc., Penn National Gaming Inc., and the OLG.
$50M class action lawsuit against Casino Rama after cyberattack