Hackers stole customers' personal data from Rivers Casino's systems

Philadelphia-based casino chain Rivers Casino said that it experienced a major data security incident in November that compromised its customers’ personal and financial information, including their bank account details.

 

Opened in 2010 and formerly known as SugarHouse Casino, Rivers Casino Philadelphia is a casino entertainment development with casinos, hotels, restaurants and concert locations in Philadelphia, Pittsburgh, Portsmouth, New York, and Chicago.

 

In a data breach incident notice sent to affected customers, the stand-alone casino chain said that in November last year, it identified unauthorised access to certain Rivers Casino Philadelphia computer systems. The casino immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Through the investigation, we determined that an unauthorised actor accessed and/or took certain files stored on our computer servers,” it said.

 

The compromised data included names, Social Security numbers, and bank account information used for direct deposit. According to Comparitech, the personal data of at least 8,151 individuals was compromised during the incident. The casino confirmed that no other Rivers Casino locations were impacted by the incident.

 

“To help prevent another incident from occurring, we have implemented additional security measures to enhance the security of our network,” Rivers Casino added.

 

The casino has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services to all affected individuals.

 

Recently, a hacker group going by the name “Cicada3301” claimed responsibility for the cyber attack on Rivers Casino and listed it as a victim on its data leak site. The group claimed to be in possession of 2.56 TB of data stolen from Rivers Casino Philadelphia and its developer, Rush Street Gaming. It has given the casino a deadline of February 15 to pay a ransom, threatening to leak the stolen data if the ransom isn’t paid.