Cyber Incident Victim: Swinomish Casino & Lodge
Date:
Mar 2024
Location:
United States of America
Summary
A cybersecurity incident forced the temporary closure of Swinomish Casino & Lodge, impacting casino operations, restaurants, and loyalty programs while lodging facilities remain open only for existing reservations with refunds offered to affected guests. Employees were instructed not to return to the premises but continue receiving compensation, and the establishment is collaborating with law enforcement and cybersecurity experts to investigate potential data compromise, pledging to notify individuals if impacts are confirmed. The incident has caused significant customer frustration regarding unredeemed tickets and reservations, with no estimated timeline for full operational restoration as monitoring continues for suspicious activity related to personal information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Swinomish Casino & Lodge, a tribal-owned establishment in Anacortes, Washington, ceased operations on Friday, March 29, 2024, initially attributing the closure to technical issues. By Wednesday, April 3, the casino confirmed via Facebook and its website that a cybersecurity incident was under investigation, extending the indefinite shutdown of all gaming facilities, restaurants, and loyalty programs. Employees were instructed not to return to the premises but were assured continued compensation during the closure. Public frustration escalated as patrons reported difficulties obtaining information through the casino’s main phone lines and Human Resources office, with many expressing concerns on social media about unreimbursed event tickets and travel plans. One customer noted a five-hour drive for a show that could not be confirmed, while others criticized the delayed transparency regarding the incident’s nature. The casino acknowledged lodging guests impacted by the disruption would receive refunds but provided no timeline for reimbursing event tickets or rescheduling shows.
The organization engaged law enforcement and third-party cybersecurity experts to investigate the incident’s scope and origin, though no specific attacker actions or compromised systems were disclosed. The FBI’s Seattle office acknowledged awareness of the event but declined to confirm an active investigation due to Department of Justice policy. Operational adjustments included maintaining limited lodge and RV park availability for pre-existing reservations only, with agents contacting guests 24 hours before arrival. The casino advised patrons to monitor financial accounts and credit reports as a precaution but confirmed no evidence yet of data compromise. Updates were restricted to the casino’s website and Facebook page, with no estimated reopening date provided as of April 11, 2024. This closure followed a similar cybersecurity incident at Washington’s Nisqually Red Casino in March 2024, which resumed partial operations within 48 hours.