Cyber Incident Victim: Casino Rama Resort
Date:
Nov 2016
Location:
Canada
Summary
A Canadian casino resort experienced a cyberattack where a hacker stole over a decade of sensitive data, including employee payroll information, social insurance numbers, financial reports, security documents, emails, and vendor details. The breach impacted current and former personnel, prompting notifications urging customers, employees, and vendors to monitor financial accounts for suspicious activity. Law enforcement and cybersecurity experts were engaged to mitigate risks, with no evidence of ongoing network access by the attacker, though stolen data might be publicly released. Casino operations remained unaffected as gaming systems operated independently from compromised networks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 10, 2016, Casino Rama Resort publicly disclosed a significant data breach after being contacted by a hacker claiming to have stolen over a decade’s worth of sensitive information. The resort first learned of the incident on November 4, 2016, when the attacker asserted they had compromised data from its networks between 2004 and 2016. The stolen information included financial reports, security documents, internal emails, credit enquiries, debt records, vendor listings, employee contracts, payroll data, social insurance numbers, and dates of birth for current and former employees. Casino Rama immediately engaged law enforcement agencies, including the Royal Canadian Mounted Police (RCMP), to investigate the breach and mitigate potential further actions by the hacker. The resort issued a public statement advising customers, employees, and vendors to monitor bank accounts, credit cards, and financial transactions for suspicious activity, directing them to report anomalies to their financial institutions.
Casino Rama confirmed that casino floor operations—including game performance and setup—remained unaffected, as those systems operated independently from the compromised networks. While investigators found no evidence of ongoing unauthorized network access, the resort acknowledged the possibility that stolen data could be published online in the future. Internal teams collaborated with external cybersecurity experts in a round-the-clock response to secure systems and assess the breach’s scope. Spokesperson Jenna Hunter emphasized the decision to disclose the incident promptly to alert potentially affected individuals despite the ongoing investigation. Security expert J. Paul Haynes of eSentire noted that breaches involving personally identifiable information like social insurance numbers and credit data often result in long-term risks, with stolen records typically appearing for sale on dark web markets. The resort reiterated its commitment to data security but provided no additional technical details regarding the attack vector or the hacker’s identity.