Posted on: December 14, 2023, 09:58h.
Last updated on: December 14, 2023, 09:58h.
Rivers Casino Des Plaines in Illinois is facing a proposed class-action lawsuit for its role in an August cyberattack that resulted in thousands of individuals having their data seized.
Filed in Illinois’ Northern District federal court, attorneys representing the class plaintiffs, which already includes over 100 individuals, allege negligence on the casino’s behalf for failing to properly secure its IT network. The lawsuit seeks damages, restitution, and injunctive relief for the class.
Rivers was the victim of a cyberattack that casino reps said occurred around Aug. 12. The incident, however, was only uncovered in early November. Rush Street Gaming, the Chicago-based parent company of the casino, said employee and patron names and their sensitive information, including Social Security and passport numbers, were compromised.
Lead plaintiff Michael Glebiv claims his information was part of their seizure, and says he wouldn’t have patronized Rivers Casino Des Plaines and entrusted his personal information with the business “had he known that Rivers Casino would fail to maintain adequate data security.”
Cyberattack Details
Rivers Casino Des Plaines suffered an unauthorized entry of its IT network in what appears to be a similar incident to the cyberattacks levied recently against MGM Resorts and Caesars Entertainment. An international group of hackers identified as Scattered Spider took credit for the MGM and Caesars onslaughts.
The Rivers cyberattack did not disrupt operations, as the casino operated as normal on Aug. 12 and the surrounding days. A cybersecurity firm investigating the breach does not believe credit card information was stolen.
However, hackers obtaining personal information like tax identification numbers and government IDs pose significant identity theft risks for the impacted workers and customers, the lawsuit alleges.
Data thieves regularly target companies like Defendant’s due to the highly sensitive information that they custody. Defendant knew and understood that unprotected personal identifiable information is valuable and highly sought after by criminal parties who seek to illegally monetize that PII through unauthorized access,” the lawsuit contends. “The ramifications of Defendant’s failure to keep secure the PII of Plaintiff and Class Members are long-lasting and severe. Once PII is stolen — particularly Social Security numbers — fraudulent use of that information and damage to victims may continue for years.
The class-action suit includes five counts, including negligence, negligence per se, breach of implied contract, unjust enrichment, and violation of the Illinois Consumer Fraud Act.
Rivers Denies Responsibility
Rush Street Gaming has not yet filed its legal response to the allegations made in the class-action lawsuit. But the company said in announcing the data breach last month that it “utilizes robust security protocols” and took immediate steps to “contain the threat and secure our systems” upon detection of the incident.
Rush maintains that there’s “no indication of financial fraud or identity theft related to this incident.” The casino is offering complimentary identity monitoring and protection services for those who might have been impacted by the data breach.
The casino is assisting the impacted class with placing a Fraud Alert and Security Freeze on their credit files and obtaining free credit reports. The casino has also set up a dedicated and confidential toll-free response line for questions about the incident at 866-983-3108.