A Southern Nevada casino is now facing a class action lawsuit for allegedly leaving its systems vulnerable and exposing the personal information of hundreds of thousands of customers and employees.
Lack of Timely Notice
Initiated by a California resident who claims his computer was part of a ransomware attack due to the casino security breach, the class action lawsuit accuses the company operating the Rising Star Sports Ranch Resort in Mesquite and The Brook in Seabrook, New Hampshire, of failing to provide those affected with timely and adequate notice, Las Vegas-based 8 News Now reported.
Rancho Mesquite Casino was the victim of a cyberattack in November 2022, during which a hacker accessed sensitive information of more than 200,000 casino customers and company employees, including their full names and social security numbers, but it was only in December that it sent notices to its clients about the breach.
In a letter sent to those whose personal data was exposed over the several days of the attack, and enclosed in the court filing, the company explained that there was “a cybersecurity incident” on November 9 affecting Eureka during which parts of the casino company’s systems “were encrypted by an unauthorized actor.” Eureka Security is an Israel-based cloud data security provider.
“Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist,” wrote the casino company to the affected parties, telling them that “although the investigation is ongoing, we identified certain data that the unauthorized actor accessed during the incident.”
“We began a review of the data and identified that the data included some of your information,” the letter concluded, pointing out that the data exposed in the attack included names and social security numbers. The company also opened a dedicated phone line and offered one year of credit monitoring for those affected.
Negligence and Breach of Contract
The lawsuit accuses the casino operator of negligence, breach of contract and other counts, asking a jury to award monetary damages to the class members for the company’s failure to encrypt their sensitive information and to order the operator to strengthen its cybersecurity defenses.
“Simply put, plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft,” claim the class action lawsuit documents.
The reporting media repeatedly contacted the casino operator with requests for comment, but it did not respond.