A major Canadian casino has been hit by a cyberattack in which sensitive customer, employee and vendor data was stolen, its management said on Thursday, warning there is a risk the information will be published.
The Casino Rama Resort in Ontario said the hacker claimed to have stolen financial reports, patron credit inquiries, collection and debt information, payroll and other data in an intrusion it first became aware of on Friday.
It said the hacker claims the employee data included social insurance numbers and dated back to 2004, with some other stolen data dating back to 2007.
The casino sits on the Rama First Nation about two-hours drive north of Toronto and has about 3 million visitors a year. Its day-to-day operations are run by CHC Casinos Canada Limited, an indirect subsidiary of Penn National Gaming, under license from the province’s gaming operator.
Penn National did not immediately respond to a request for comment.
The breach is at least the second time this year that a casino that sits on aboriginal land has fallen victim to a hack, following a breach at the River Cree Resort and Casino in Alberta in March.
Casino Rama has more 2,500 slot machines, more than 110 gaming tables, 8 restaurants and a 5,000 seat entertainment venue and an attached 300-room hotel.
The casino had gross gaming revenue of C$348.3 million ($259.3 million) in the fiscal year to end-March 2015, Ontario Lottery and Gaming Corporation spokesman Tony Bitonti said. Casino resorts in Ontario brought in a total of C$1.16 billion in revenue in that period, he said.
Casino Rama said there was no evidence that the hacker was still inside its computer systems, and that it was working with provincial and federal police and private cybersecurity experts to investigate the breach.