A major casino resort based in Canada has issued a warning to its customers and employees after a hacker claimed to have stolen over a decade's worth of sensitive information from its computer networks – including payroll data and social insurance numbers.
In a statement posted online on 10 November, the Casino Rama Resort said it had enlisted the help of law enforcement after a hacker contacted it and claimed to have compromised a slew of data — of employees both past and present — between 2004 and 2016.
In a lengthy list of stolen data, the statement said the cyberattack resulted in the potential loss of financial reports, security documents, emails, credit enquiries, debt information, vendor listings, employee contracts, payroll data, social insurance numbers and dates of birth.
"Casino Rama Resort has advised customers, employees and vendors to monitor and verify all bank accounts, credit card and other financial transaction statements and report any suspicious activity to the appropriate financial institution," it added.
Casino officials, who learned of the breach on 4 November, said there is "no indication" the hacker still has access to its networks but "it is possible" the stolen information may be published online in the future.
The statement said no casino games were affected in the suspected cyberattack. "The situation at Casino Rama Resort did not affect games on the casino floor," it explained. "Game performance and set-up are independent of other Casino Rama Resort networks."
"Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers', employees' and vendors' personal information very seriously," it continued. "Our internal teams have been working with cybersecurity experts around the clock."
In an email to local media, Casino Rama spokesperson Jenna Hunter said that over the past week the business had been working with law enforcement, including the Royal Canadian Mounted Police (RCMP), "to mitigate any potential action by the hacker", including the release of the details.
"[We] are releasing the information as we did not want to wait any longer before informing potentially affected parties," she added.
J. Paul Haynes, chief executive of Canada-based security firm eSentire, said: "Usually the information ends up for sale on the Dark Web. In a case like this, where hackers have targeted and obtained sensitive personally identifiable information like social insurance numbers and credit information, the effects of a breach can be felt for months and sometimes even years."