Casino Rama Resort became aware that it has been the victim of a cyberattack that resulted in the theft of (past and present) customer, employee and vendor information by an anonymous threat agent.
Casino Rama Resort is working with the Ontario Provincial Police (OPP), the Royal Canadian Mounted Police (RCMP), the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario (AGCO), and has alerted the Office of the Privacy Commissioner of Canada (OPC) and the Information and Privacy Commissioner of Ontario (IPC).
"Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers', employees' and vendors' personal information very seriously," said John Drake, president and CEO, Casino Rama Resort.
The hacker claims to have accessed information that includes Casino Rama Resort IT information, financial reports respecting the hotel and casino, security incident reports, Casino Rama Resort email, patron credit inquiries, collection and debt information, vendor information and contracts and employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth. The hacker claims that employee information dates from 2004 to 2016, and some of the other categories of information taken date back to 2007.
"Casino Rama Resort deeply regrets this situation and recognizes the seriousness of this issue. Our teams have been working around the clock with cyber security experts," stated Drake. "We appreciate the understanding of our customers, employees and stakeholders as we continue to investigate."
As a precaution, Casino Rama Resort is advising customers, employees and vendors to monitor and verify all bank accounts, credit card and other financial transaction statements and report any suspicious activity to the appropriate financial institution. General tips and resources for protecting against identity theft and fraud are available on the OPC website, at: https://www.priv.gc.ca/resource/topic-sujet/itf-vif/index_e.asp and the IPC website, at https://www.ipc.on.ca/wp-content/uploads/Resources/id-theft-e.pdf.
There is no indication that the hacker continues to have access to the system. It is possible, however, that the hacker will publish information that was stolen. Casino Rama Resort's internal teams have been working with cyber security experts to neutralize the issue and provide further safeguards to the system since becoming aware of the situation on November 4th, 2016.
Information updates will be available on the Casino Rama Resort website (www.casinorama.com/datainquiry) for those who wish additional information.