Cyber Incident Victim: Grey Eagle Resort and Casino
Date: Jan 2017
Location: Canada
Summary
Unauthorized actors breached Grey Eagle Resort and Casino's systems, exfiltrating hundreds of gigabytes of sensitive data including customer gambling records, personal identifiers (such as names, dates of birth, and Social Insurance Numbers), employee termination documents, internal incident reports, financial records, and six months of emails. The attackers threatened to release the stolen information in multiple data dumps but provided no motive for the intrusion. The organization initially failed to respond to inquiries but later acknowledged a limited compromise involving one computer. The incident exposed extensive personal and operational details of both patrons and staff.
Description
On January 24, 2017, an anonymous individual using the pseudonym "Guest" posted a message on Pastebin claiming to have hacked Grey Eagle Resort and Casino. The post announced the theft of hundreds of gigabytes of sensitive data and threatened to release it in multiple data dumps. The compromised information allegedly included extensive customer details such as names, dates of birth, phone numbers, email addresses, Social Insurance Numbers (SIN), gambling habits, outstanding debts, investigation reports, and security incident records. Employee data reportedly stolen encompassed SINs, contact information, termination letters, offer letters, and internal incident reports. The hackers also claimed possession of proprietary business documents, including casino revenue and profit statements, budgets, marketing strategies, and six months' worth of internal emails. The Pastebin entry included a link to sample data purported to originate from the breach, with a promise of imminent full data releases. The post gave no motive for the attack or for the intended data disclosure.

DataBreaches.net attempted to contact Grey Eagle through their website contact form and direct messages via Twitter on January 24 but received no response, despite observing active Twitter activity from the resort. Following these unsuccessful outreach attempts, Grey Eagle confirmed to Global News that a security incident had occurred, though they characterized the breach as limited to unauthorized access to a single computer. This statement contradicted the scale of data theft asserted by the hackers, who referenced hundreds of gigabytes of exfiltrated material. As of January 26, no individual or group had publicly claimed responsibility for the attack on social media platforms like Twitter, and Grey Eagle had not issued further public statements addressing the discrepancies between their account and the hackers' claims. The resort did not disclose detection methods, containment procedures, or specific impacts on affected individuals or operations. The incident remained unresolved at the time of reporting, with no confirmation of whether the threatened data dumps occurred.
