The Casino Rama Resort in Ontario, Canada announced Thursday that the facility had suffered a data breach that could have compromised information going back as far as 2004. One day later a class action lawyer began preparations for a $50 million lawsuit against the property.
Toronto Lawyer Ted Charney proposed the suit on Friday and according to several media reports the “statement of claim” will be filed in Superior Court on Monday.
The casino warned customers in a news release that they should be hyper vigilant in examining credit cards, bank accounts, and other financial information for unrecognized transactions or changes following news of the cyber attack. Some outlets are reporting that Casino Rama became aware of the breach as early as November 4 but waited several days before warning customers.
Customer data was compromised back to at least 2007 while employee and company information, including critical financial reports and sensitive employee and vendor information from as far back as 2004 may have been accessed by the hacker. Customer data including credit inquiries was stolen.
The OLG says the breach only occurred at Casino Rama and that customer information from other casinos under their jurisdiction is safe.
In the initial press release the casino said that although there was no evidence the hacker was still inside the system, data could be published on the internet. Late Friday, CityNews reported that they had obtained pages that appeared to be data from the cyber hack, and that the hacker claimed the entire trove of data would be released within the next 72 hours. Data already released reportedly includes betting and credit history of some customers, collection agency info related to a deeply indebted patron, bank faxes authorizing customer credit accounts, and employee performance reviews.
So far there has been no official announcement nor public admittance by the hacker that extortion was involved in the cyberattack.