CTV reports:
A proposed class-action lawsuit seeking $60 million in damages against Casino Rama following a cyber-attack has been denied.
Lawyers for the plaintiffs argued as many as 200,000 people might have had their personal information stolen in the hack, including employees and patrons.
In November 2016, the casino announced it had been the victim of a cyber-attack through which a large quantity of personal information was stolen from two of its servers.
Names, addresses, gambling history, workplaces and incomes were posted online in November. In all, the hacker published about 11-thousand files but threatened to release a lot more.
The Ontario Superior Court Justice Edward Belobaba ultimately decided not to certify the case, ruling the information wasn’t sensitive and
This was a hack that this site has reported on a number of times. The threat actors appear to be the hacking group that Mandiant has boringly named “FIN10.” They have hit a number of casinos and mining companies over the past years.
I’m not quite sure I agree with the court that the information wasn’t sensitive. Among the leaked data were records involving customer debt and a collection agency. Other records involved customers’ betting histories. How is that not potentially embarrassing or sensitive? What about employee reviews where there were negative comments?
I’m betting (no pun intended) that Casino Rama is relieved by the ruling.
Gambling history falls under health in Quebec (if excessive), thus considered sensitive health data. Should be same in Ontario.
Reveals if a person has an addiction (health issue).
Customer debt = sensitive information.
Incomes = sensitive information.
Employee reviews = sensitive.
So, hm, I think this should be appealed.This judge is an idiot (lack of a better word).