Hacker claims to have years of stolen data from Ontario casino

Ontario police are investigating what could be a huge data breach at one of the province’s popular casinos, Casino Rama Resort in the cottage country north of Toronto.

The resort said a hacker claimed on Nov. 4 to have accessed customer, employee and vendor information, some of which dates back nine years. As a result, anyone who has been to or worked at the hotel or casino is being warned to monitor and verify all bank account, credit card and other financial transaction statements and report any suspicious activity to the appropriate financial institution.

“We can confirm that certain employee and customer information was stolen,” the resort said.


“The hacker claims to have accessed information that includes Casino Rama Resort IT information, financial reports regarding the hotel and casino, security incident reports, Casino Rama Resort email, patron credit inquiries, collection and debt information, vendor information and contracts and employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth,” the resort said in a statement on its Web site. “The hacker claims that the employee information dates from 2004 to 2016, and that some of the other categories of information taken date back to 2007.”

The resort said its internal IT team has been working with cyber security experts to “neutralize the issue.” There is no indication now that the attacker continues to have access to its systems, it added.

UPDATE: On Nov. 14 a Toronto law firm filed an application in the Ontario Superior Court asking that a multi-million dollar breach of care class action lawsuit be certified on behalf of a man who was at the Casino Sept. 25, gave a driver’s licence and credit card as identification and received an email from the resort on Nov. 10 alerting him that Casino Rama had been the victim of a data breach; and a woman who has been to Casino Rama since 1999 and gave personal information to join the resort’s rewards program. Lawsuits filed on behalf of a class of people with identical claims — as opposed to individual lawsuits — have to be approved by a judge. Before the certification others who think they are victims can join the lawsuit.

The lawsuit asks for $50 million in damages plus $10 million in punitive damages from the defendants, who include the Chippewas of Rama First Nation, who own the resort; CHC Casinos Canada; Penn National Gaming, which operates the resort; the Ontario Lottery and Gaming Corp., which oversees gaming in the province; and the provincial Alcohol and Gaming Commission.

Without any details on how the enterprise was breached, the first suspicion falls on the hotel, restaurant and gaming point of sale machines. POS machines at hotels and restaurants have been a target for years. In 2009 we reported on a presentation at that year’s SecTor cyber security conference in Toronto that outlined how the POS server at an unnamed club connected to a major Las Vegas casino was breached through an integrator’s remote desktop support app. Both the username and password were the POS vendor’s name.

Last year we reported that a new variant of a memory scraper POS malware that dates back to 2008 had been victimizing guests in casinos, resorts and hotels in the last few weeks in Canada, United States, Europe, the Middle East and Latin America.

Casino Rama has notified the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG), the Alcohol and Gaming Commission of Ontario, the Privacy Commissioner of Canada and the Information and Privacy Commissioner of Ontario.

The resort, which opened in 1996, is owned by and located on the Rama First Nation, and operated by Penn National Gaming, Inc., a U.S.-based conglomerate which, through its subsidiaries, owns, operates or has ownership interests in hotel, gaming and racing facilities in 16 American states as well as here.

In its statement the resort emphasized that the casino games hadn’t been breached.

In addition to the casino the resort has a 300-room hotel, eight restaurants and a 5,000-seat entertainment centre, which has hosted The Tragically Hip, Jerry Seinfeld, Jason Derulo, Carrie Underwood, Don Henley and production shows such as Dancing with the Stars and boxing events.

“Overall we’ve seen a rise in attacks targeting gaming institutions like casinos,” said J. Paul Haynes, CEO of eSentire, a Cambridge, Ont.-based managed security provider. “In cases like this where hackers have targeted and obtained sensitive personally identifiable information (PII) like social insurance numbers and credit card information, the effects of a breach can be felt for months and sometimes even years; usually the information ends up for sale on the dark web. With over 3 million customers per year and more than 2000 staff and a number of third party vendors, thousands of individuals could be impacted. All former and current customers and employees should remain vigilant and monitor their accounts for compromise.”


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
