Published on: June 3, 2026, 10:58h. 

Updated on: June 3, 2026, 10:58h.

• A recent class-action lawsuit has been filed alleging that Station Casinos did not adequately protect customer data during a cyberattack in March 2026
• The lawsuit claims that the casino company’s deficient security measures permitted unauthorized access to sensitive personal information
• This incident marks Station Casinos as the fifth major Nevada casino operator to experience a notable cyberattack since 2023

A woman from Clark County has initiated a class-action lawsuit in federal court against Station Casinos, accusing the local casino operator of failing to protect customer data that was compromised during a cyberattack disclosed in March 2026.

As reported by the Las Vegas Review-Journal, plaintiff Susan Geiner filed her complaint on Thursday, May 29, in the U.S. District Court of Nevada, both personally and on behalf of other customers who may have been impacted by the breach. Red Rock Resorts Inc., which owns Station Casinos, is named as the defendant.

Following the breach notification sent to potentially affected clients on May 21, 2026, Station confirmed the incident to the cybersecurity platform Cybernews a day later, providing free credit monitoring and identity theft protection to those affected.

Represented by the Las Vegas-based Freedom Law Firm and Pennsylvania’s Ahdoot & Wolfson, the lawsuit contends that Station Casinos should have anticipated the vulnerabilities of its customer data and enhanced its security measures.

“The hospitality and gaming sectors are key targets for ransomware attacks due to the vast amounts of sensitive data they manage, such as Social Security numbers, financial records, and personal identification,” the lawsuit outlines. “Such data holds immense value on the black market, where it can be exploited for identity theft and fraud. This high demand renders hotels and casinos particularly attractive to cybercriminals.”

The complaint further claims that Station’s internal security protocols were insufficient and failed to recognize the breach as it transpired.

“The ability for hackers to carry out obvious, disruptive actions without being detected strongly indicates that the defendants did not implement or maintain the necessary monitoring and alerting systems, including endpoint detection and response capabilities, to identify malicious actions promptly and enable cybersecurity personnel to mitigate or halt the attack,” the filing notes.

Geiner seeks a jury trial along with “appropriate monetary relief, including actual and statutory damages, equitable relief, restitution, disgorgement, and statutory costs,” as stated by the R-J. Her lawsuit also proposes that the court necessitate Station Casinos to bear the expenses related to notifying all class members and managing any claims process, alongside prejudgment and post-judgment interest, legal fees, and any additional relief the court may consider appropriate.

Station Casinos operates various venues including the Red Rock Casino Resort Spa, Green Valley Ranch Resort Spa Casino, Palace Station Hotel & Casino, Boulder Station, Sunset Station, and Durango Casino & Resort in Las Vegas.

This breach marks Station Casinos as the fifth significant local casino operator to endure a cyberattack within a short span of three years. Wynn Resorts reported an attack in October 2025 in February 2026; Boyd Gaming faced one in September 2025; MGM Resorts International was severely affected by a prominent intrusion in September 2023; and Caesars Entertainment suffered a breach in August 2023.