As I commented this week: protected health information or medical information can be found in so many breaches involving entities that may not sound “medical” to you. Today, this site is posting two such notifications. Here’s the second one.
LAS VEGAS, Sept. 24, 2021 /PRNewswire/ — Golden Entertainment, Inc. (“Golden”) is notifying individuals of an incident that may affect the privacy of some personal information as part of its commitment to privacy. Golden has no evidence of actual or attempted misuse of information as a result of this incident, but this notice provides details about the incident, Golden’s response, and resources available to help protect information.
What Happened? In late January, Golden discovered that certain portions of its network were infected with malware. Golden promptly took steps to secure the network and, with the assistance of computer forensic specialists, conducted an investigation to determine the nature and scope of the event, including any risk to data. The investigation confirmed that an unauthorized actor gained access to a portion of the network and encrypted network files around January 24, 2021. The investigation also determined the unauthorized actor acquired certain documents before the encryption occurred. Given that network locations were accessed without authorization, Golden undertook a lengthy and time-intensive thorough review of the potentially impacted information in order to identify the information that was potentially impacted and to whom it related. This review was completed on or around August 25, 2021, at which time Golden confirmed the individuals whose information was present. Golden then worked to reconcile the results of the review with internal records in furtherance of identifying the individuals to whom the data related and the appropriate contact information for those individuals in order to provide notification to potentially impacted individuals as quickly as possible.
What Information Was Involved? While the impacted information varied by individual, the investigation determined that the information affected included individual name, date of birth, Social Security number, driver’s license or state identification number, financial account information, debit or credit numbers, and medical treatment or diagnosis information. Please note, Golden does not have any evidence of misuse of any information impacted as a result of this incident.
What We Are Doing. Golden takes this incident and the security of personal information very seriously. Upon discovering the activity, Golden conducted a comprehensive investigation of the event to confirm its nature and scope. Further, Golden has security measures in place to protect the data on its systems and continues to assess and update security measures and training to employees to safeguard the privacy and security of information in its care. Golden also notified law enforcement of this event and notified regulatory authorities, as required by law.
On September 24, 2021, Golden Entertainment began mailing written notice to potentially impacted individuals. Golden Entertainment also posted noticed of this incident on its website at: https://www.goldenent.com. As an added precaution, Golden is offering impacted individuals with access to credit monitoring and identity theft protection services through Kroll at no cost as an added precaution.
What You Can Do. Golden encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and reporting any such activity to law enforcement. Individuals can also enroll to receive the complimentary credit monitoring services offered within the letter. Please also review the information contained in the below Other Steps to Protect Personal Information.
For More Information. Golden Entertainment has set up a dedicated toll-free line at (855) 551-1533, 6:00 am to 3:30 pm Pacific Time Monday through Friday (excluding some U.S. national holidays). Golden also has information related to the event available on its website at https://www.goldenent.com. You may also write to Golden Entertainment at 6595 S. Jones Blvd., Las Vegas, NV 89118.
Source: PR Newswire
Comment: Golden Entertainment does not indicate whether any ransom demand was received. Nor do they mention what threat actors were involved (if they know), or how many people are being notified. If the health information was related to a health plan Golden Entertainment offers employees, this may show up on HHS’s breach tool at some point.