Canada based Casino Rama Resort said that a hacker broke into its internal computer systems and accessed detailed company, customer, employee and vendor information.
Casino Rama Resort said that it became aware of the incident on November 4th, 2016, when an anonymous hacker claimed to have accessed company information, including IT details, financial reports, security incident reports, company email, customer credit inquiries, collection and debt information, vendor information and contracts.
The hacker also claims to have accessed employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth.
While the hospitality industry has been the subject of many attacks and successful breaches in recent years, this incident seems particularly damaging compared to most, which have often been limited to Point-of-Sale data.
According to the company, the hacker is claiming that employee information obtained dates from 2004 to 2016, and other categories of information taken date back to 2007.
The company said the attack was contained to the Casino Rama site, as its computer systems are not linked to its other facilities in Ontario.
“There is no indication that the hacker continues to have access to the system,” Rama Resort’s said in a statement. “It is possible, however, that the hacker will publish information that was stolen. Casino Rama Resort’s internal teams have been working with cyber security experts to neutralize the issue and provide further safeguards to the system since becoming aware of the situation on November 4th, 2016.”
The company did not say if a ransom was demanded in order to prevent the publishing of the stolen data.
Contacted by SecurityWeek, a company spokesperson said, “Casino Rama Resort is working with the authorities to determine the exact nature and reason for the cyberattack. Obviously, while there is an ongoing investigation we are limited in how much detail we can provide.”
The gaming and resort operator said it is working with the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario (AGCO), and has alerted the Office of the Privacy Commissioner of Canada (OPC) and the Information and Privacy Commissioner of Ontario (IPC).
Casino Rama Resort is operated by Penn National Gaming, Inc.