Rivers Casino Des Plaines, Illinois said Thursday it suffered a cyberattack over the summer that compromised the private data of an undisclosed number of patrons and employees. While the attack occurred “on or around” August 12, it was only uncovered in early November, the casino said in a statement.
Rivers Casino in Des Plaines, above. The Rush Street-owned property said it had been breached by a cyberattack in August that compromised sensitive customer information. (Image: Journal and Topics)
Compromised information includes names, contact information such as phone numbers and email addresses, and driver’s license and government ID numbers.
The Rush Street Gaming property warned that hackers may also have obtained financial account, tax identification, Social Security, and passport numbers for a limited number of customers.
Passwords Safe?
The casino said it doesn’t believe customer passwords or credit card information have been affected by the issue.
Passwords are particularly valuable to hackers who can sell them on mass to fraudsters via the dark web for use in “credential stuffing” schemes. This is where the fraudster uses stolen credentials to gain access to accounts on different platforms where the user has the same password.
Rivers declined to say how many customers may have been impacted by the breach. According to Illinois Gaming Board records, there were 273K visits to the casino in the month leading up to the attack and almost 300K bets placed at its sportsbook, whose customers were also affected.
“Casino Des Plaines utilizes robust security protocols.” the casino wrote in the statement. “Unfortunately, we recently discovered a data security incident. Upon learning of the incident, Rivers promptly took steps to contain the threat and secure our systems, avoiding any interruption to our operations or in the services we provide to our customers.”
It added that it had hired a specialist cybersecurity firm to investigate the breach.
Spate of Attacks
It’s unclear who was behind the attack, which is the latest in a spate of high-profile cybercrimes targeting casinos. In September, the systems of both MGM Resorts and Caesars Entertainment were breached by hackers who caused major disruption, particularly to MGM, which refused to pay a ransom.
Caesars was able to regain access to its systems after paying around $15 million to have normal services restored. MGM was ultimately able to suppress the threat after several days of disruption, which resulted in an estimated $100 million worth of damage.
The attacks were attributed to a hacking group variously known as “Scattered Spider,” “Octo Tempest,” or “the Com,” which is currently being investigated by the FBI.
Earlier this week, several cybersecurity executives whose firms have been tracking Scattered Spider complained of a lack of arrests, despite members of the collective being “known” to the agency.
The post Rivers Casino Des Plaines Customer Info Compromised in Cyberattack appeared first on Casino.org.
