Hack job: Casino Cyber Security
You would have to been hiding under a rock for the past 35 years or so to have never heard of hacking. Indeed, as long as there have been computer networks, there have also been skilled programmers probing these systems for weaknesses and ways to surreptitiously enter and view otherwise restricted information. These infiltrators came to be known as "hackers" and, if you believe the mythology espoused in 1980s and 1990s movies such as Wargames and Sneakers, snuck their way into computer networks for a host of “white hat” reasons such as the challenge, as a form of protest or, simply, for the fun of it.
Whatever the initial reasons for hacking, it did not take long for the practice to become criminalized—entrée into secured computers networks could lead directly to money or private information gained while hacking could be sold for profit. What was once looked upon as a benign activity has become increasingly dark and costly, as evidenced by recent computer breaches at Target and Yahoo, and even frightening, as shown by the alleged Russian-backed hack of the Democratic National Committee that might have influenced the outcome of last November’s presidential election.
I wish I could say that the gaming industry has been immune from these types of cybercrime, but that is not the case. The past few years have seen reports that both Sands Las Vegas Corporation and Hard Rock Hotel & Casino were victims of computer network hackers who stole valuable customer data. The latest gaming property to suffer a costly cyberattack was Orillia, Ontario-based Casino Rama Resort. In a press release issued last November, Casino Rama said it was contacted by a hacker who, “claims to have accessed information that includes Casino Rama Resort IT information, financial reports respecting the hotel and casino, security incident reports, Casino Rama Resort e-mail, patron credit inquiries, collection and debt information, vendor information and contracts and employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth. The hacker claims that employee information dates from 2004 to 2016, and some of the other categories of information taken date back to 2007.”
Shortly after this breach was made public by Casino Rama, 14,000 documents from the hack were made available online, according to local reports. The incident has led to class action lawsuits being filed against the property.
If there is any silver lining in this whole unfortunate set of circumstance, it is the fact that Casino Rama’s payment system, casino games and players’ club systems were not compromised during the cybercrime, primarily because they operated independently of the networks that were hacked. But will this be the case in any future casino cybercrimes? Thanks to mobile devices and the Internet of Things (IoT), there is a desire by some within the casino industry to have greater intercommunication between various business systems within the gaming enterprise, with the goal of improving the overall customer experience and gaining valuable patron insights that will aid marketing and retention programs. How safe will such interconnected systems be against determined cybercriminals? I think it is fair to state that, at this time, no one really knows.
Still, time and technology always march on, and chances are complete system integration across the entire business enterprise is in the cards for resort properties. Here’s hoping a cybersecurity voice or voices will be involved from the start.