Canada based Casino Rama Resort said that a hacker broke into its internal computer systems and accessed detailed company, customer, employee and vendor information.
Casino Rama Resort said that it became aware of the incident on November 4th, 2016, when an anonymous hacker claimed to have accessed company information, including IT details, financial reports, security incident reports, company email, customer credit inquiries, collection and debt information, vendor information and contracts.
The hacker also claims to have accessed employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth.
While the hospitality industry has been the subject of many attacks and successful breaches in recent years, this incident seems particularly damaging compared to most, which have often been limited to Point-of-Sale data.
According to the company, the hacker is claiming that employee information obtained dates from 2004 to 2016, and other categories of information taken date back to 2007.
The company said the attack was contained to the Casino Rama site, as its computer systems are not linked to its other facilities in Ontario.
“There is no indication that the hacker continues to have access to the system,” Rama Resort’s said in a statement. “It is possible, however, that the hacker will publish information that was stolen. Casino Rama Resort’s internal teams have been working with cyber security experts to neutralize the issue and provide further safeguards to the system since becoming aware of the situation on November 4th, 2016.”
The company did not say if a ransom was demanded in order to prevent the publishing of the stolen data.
Contacted by SecurityWeek, a company spokesperson said, “Casino Rama Resort is working with the authorities to determine the exact nature and reason for the cyberattack. Obviously, while there is an ongoing investigation we are limited in how much detail we can provide.”
The gaming and resort operator said it is working with the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario (AGCO), and has alerted the Office of the Privacy Commissioner of Canada (OPC) and the Information and Privacy Commissioner of Ontario (IPC).
Casino Rama Resort is operated by Penn National Gaming, Inc.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Dozens of Malicious Extensions Found in Chrome Web Store
