DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Plaintiffs in Casino Rama class-action lawsuit and defendants argue in court over how big the class should be.

Posted on March 30, 2019 by Dissent

In November, 2016, Casino Rama in Ontario disclosed that it  had been hacked. Shortly thereafter, we learned that some of that data had already been leaked online. The hackers, who signed themselves as “Anonymous Threat Agent,” wrote that the breach was “extremely simple” and that “no security systems were in place leaving the whole casino network wide open.”

At that time, the hackers dumped about 14,000 records related to almost 11,000 people, while claiming that they had another 150 gigabytes of data.

Not totally surprisingly, the casino is facing a class-action lawsuit. In June, 2018, the casino got an adverse ruling from the court, which held that the casino would have to hand over a computer forensics investigation report to the plaintiffs.

In the latest development, Colin Perkel reports that lawyers for the plaintiffs are claiming that as many as 200,000 people may have had their personal information stolen — an allegation that the casino denies, claiming that at most, 10,000 – 11,000 were impacted.

The plaintiffs may find some help in a recent report by the Ontario Privacy Commission on the results of that office’s investigation into the incident. And that report is the first the public has seen of any of the details of the hack. Of note, the report makes clear that this was a phishing attack that some employees fell for, but even when the attack was reported up the chain by alert employees, the casino may not have taken sufficient countermeasures to block the attackers from connecting remotely from a Russian IP address and transferring files to DropBox.  By the time the casino really blocked remote access and exfiltration of data, 39 casino systems had been compromised.

In response to the plaintiff’s lawyer’s claims, the casino’s lawyer told the court that the privacy commissioner’s office did not have full details and their report shouldn’t be relied upon to determine how large the potential class-action class should be.

The court will likely decide the scope of class issue in May, but there will be a lot more to come in this case.

In the meantime, watch this space next week for a follow-up on another Canadian hack that may give you a feeling of deja vu. And yes, spoiler alert:  I think it is the same threat actor group, just calling themselves by a different name. Stay tuned.

 

 

 

Category: Business SectorCommentaries and AnalysesNon-U.S.Of NotePhishing

Post navigation

← DePaul experienced phishing-related data breach, notified 902 health program clients (updated, corrected)
NY: Albany attacked by ransomware hack, mayor says →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.