In November, 2016, Casino Rama in Ontario disclosed that it had been hacked. Shortly thereafter, we learned that some of that data had already been leaked online. The hackers, who signed themselves as “Anonymous Threat Agent,” wrote that the breach was “extremely simple” and that “no security systems were in place leaving the whole casino network wide open.”
At that time, the hackers dumped about 14,000 records related to almost 11,000 people, while claiming that they had another 150 gigabytes of data.
Not totally surprisingly, the casino is facing a class-action lawsuit. In June, 2018, the casino got an adverse ruling from the court, which held that the casino would have to hand over a computer forensics investigation report to the plaintiffs.
In the latest development, Colin Perkel reports that lawyers for the plaintiffs are claiming that as many as 200,000 people may have had their personal information stolen — an allegation that the casino denies, claiming that at most, 10,000 – 11,000 were impacted.
The plaintiffs may find some help in a recent report by the Ontario Privacy Commission on the results of that office’s investigation into the incident. And that report is the first the public has seen of any of the details of the hack. Of note, the report makes clear that this was a phishing attack that some employees fell for, but even when the attack was reported up the chain by alert employees, the casino may not have taken sufficient countermeasures to block the attackers from connecting remotely from a Russian IP address and transferring files to DropBox. By the time the casino really blocked remote access and exfiltration of data, 39 casino systems had been compromised.
In response to the plaintiff’s lawyer’s claims, the casino’s lawyer told the court that the privacy commissioner’s office did not have full details and their report shouldn’t be relied upon to determine how large the potential class-action class should be.
The court will likely decide the scope of class issue in May, but there will be a lot more to come in this case.
In the meantime, watch this space next week for a follow-up on another Canadian hack that may give you a feeling of deja vu. And yes, spoiler alert: I think it is the same threat actor group, just calling themselves by a different name. Stay tuned.