Cyber Incident Victim: Nevada Restaurant Services
Date:
Jan 2021
Location:
United States of America
Summary
Nevada Restaurant Services experienced a malware attack leading to unauthorized data exfiltration, compromising sensitive customer information including Social Security numbers, financial and medical records, biometric data, and government-issued IDs. The company initiated an investigation, implemented enhanced security measures, and offered identity protection services to affected individuals. An assistance line was established for inquiries, with potential impact on approximately 300,000 customers in their player database.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Nevada Restaurant Services (NRS), operator of the Dotty’s slot machine chain and other hospitality brands including Red Dragon taverns and Laughlin River Lodge, experienced a cybersecurity incident involving unauthorized data exfiltration. On an unspecified date in January 2021, NRS detected malware on certain computer systems within its network, prompting an immediate investigation. The inquiry confirmed a cyberattack had occurred, with an unauthorized actor copying information from the systems on or before January 16, 2021. Compromised data included highly sensitive personal and financial details such as Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and routing numbers, health insurance information, medical treatment records, biometric data, taxpayer identification numbers, and credit card numbers with expiration dates. The scope of exposed information varied per individual, though the company did not disclose the exact number of affected persons. NRS, which employs approximately 600 people, generates over $70 million annually and operates roughly 200 locations across Nevada, Oregon, Montana, and Illinois.
Following the breach, NRS implemented enhanced security measures, including technical safeguards to fortify its network environment. The company initiated victim notifications via mail contingent upon the availability of valid mailing addresses and established a dedicated assistance line (833-909-3914) for individuals seeking confirmation of their involvement. While Dotty’s player database reportedly contained approximately 300,000 customer records, NRS did not specify how many were directly impacted. Affected individuals were offered complimentary identity protection services, consistent with standard post-breach protocols. NRS advised victims to monitor for identity theft and fraud, utilize annual free credit reports, and consider fraud alerts or credit freezes, while cautioning that credit freezes might delay legitimate credit-related transactions. The breach exposed operational vulnerabilities but did not result in publicly disclosed immediate financial or legal consequences beyond the remediation efforts and consumer safeguards described.