Hackers obtain personal data from 200K+ in southern Nevada casino data breach, class-action lawsuit says

Hackers obtain personal data from 200K+ in southern Nevada casino data breach, class-action lawsuit says

Posted on

Class-action lawsuit filed after 2022 data breach

LAS VEGAS (KLAS) — A class-action lawsuit filed Wednesday alleges a southern Nevada casino’s computer systems were left vulnerable to a cyberattack, leaving the personal information of more than 200,000 customers and employees exposed, court documents said.

A hacker was able to access the sensitive information involving Rancho Mesquite Casino over several days in November 2022, documents said. Information accessed included full names and Social Security numbers.

The company operates the Rising Star Sports Ranch Resort in Mesquite, the Eureka Casino in Las Vegas and The Brook in Seabrook, New Hampshire, its website said. Two of the company’s properties were affected, documents said.

The class action, filed in Las Vegas court, alleges the company failed to provide “to provide timely and adequate notice” about the breach. The originating plaintiff is a California resident who said his computer was part of a ransomware attack, documents said.

A document in the filing, provided by authorities in Maine, said the company mailed notices of the breach in December 2022. The company was offered a dedicated phone line and one year of credit monitoring.

“On November 9, 2022, Eureka experienced a cybersecurity incident during which some of our systems were encrypted by an unauthorized actor,” a letter sent to those affected by the breach and included in the filing said. “Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist. Although the investigation is ongoing, we identified certain data that the unauthorized actor accessed during the incident. We began a review of the data and identified that the data included some of your information. Specifically, the data included your name and Social Security number.”

The lawsuit alleges the company failed to encrypt the sensitive information.

“Simply put, plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft,” documents said.

The lawsuit accuses the company of negligence, breach of contract and other counts. It asks a jury to award class members monetary damages and order the company to implement further security measures.

The company did not respond to repeated requests for comment.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *