Home News Canadian Casino Hacked Ontario Casino Players Fall Victim

Ontario Casino Rama Customer Data leaked Online

By: Russell Potvin , Mon. Nov. 21, 2016

Canadian Casino Hacked - Ontario Casino Players Fall Victim

Stolen Casino Rama customer information has been leaked online just one day after the casino announced that Ontario casino players are victims of a cyber attack.

The First Nations-owned Casino Rama Resort in Ontario, Canada reported that they had become the victim of a cyber attack by an anonymous threat agent. The casino stated that an unidentified hacker claimed to be in possession of "past and present customer, employee, and vendor information" dating back as far as 2004. This breach was identified on the 4th of November and the stolen data included emails, IT information, financial reports for both the hotel and casino, security reports, collection and debt information, credit inquiries, vendor information and personal data for all the casino staff.

Casino Rama set up a web page to keep affected individuals up to date on the latest information they received and they advised their customers and employees to keep an eye on their financial accounts and report any suspicious activity.

A day later the stolen data surfaced online. Toronto's City News reported that the anonymous hacker posted some of the stolen data online, along with a warning that the all the data would follow within 72 hours. This is terrible news for legal online gambling in Canada and it may cause a severe drop in players accessing these sites.

The hackers post also included a note stating that is was "extremely simple" to access Casino Rama's files and that "no security systems were in place leaving the whole casino network wide open." The anonymous hacker then went on to chastise the casino for convincing the public "that they take the protection of data and customer information seriously when really they don't."

City New also said that some of the data that was posted online includes customer credit and betting histories, collection agency information related to a $100K debt owed by an Ontario resident, annual performance reviews of staff members, and copies of faxes to banks.

On top of all this, a C$50m privacy breach class action lawsuit proposed by Charney Lawyers PC and Sutts, Strosberg LLP on behalf of Casino Rama staff, customers, and vendors, has also been mentioned. The attorneys have created a website where affected individuals can add their name to the lawsuit.

So far neither the anonymous hacker nor the Ontario Casino, Casino Rama, have indicated whether this breach was part of an attempt to extort the casino.

Casino Rama Not The First Casino To Be Hacked

Casino Rama is the provinces' only First-Nations-owned casino but it isn't the first gaming venue to be targeted in this manner. Back in 2014, Las Vegas Sands' Sands Bethlehem property was targeted and was the subject of a major security breach back hackers.

Only last week we saw UK bookmaker William Hill being subjected to a DDoS attack which knocked its website offline. The attackers, in this case, were believed to be employing the new Miral Botnet, which hijacks hundreds of thousands of Internet of Things (IoT) devices to bombard its target with incoming data.

The source code for the Miral botnet was posted online at the start of October which caused a wave of DDoS attacks on a number of websites. Expert security firm Flashpoint believes the Miral code may, in fact, be working against the hackers as they are all competing to hijack the same IoT devices. They also believe that the IoT botnet landscape is now saturated and there are not enough new vulnerable devices, but they do believe that there are still three or four major Miral botnets out there that are capable of launching DDoS attacks like the ones we saw last month that led to the temporary inaccessibility of Twitter and Reddit.