Posted on: March 6, 2023, 06:32h.
Last updated on: March 6, 2023, 01:48h.
Nevada-based Rancho Mesquite Casinos “failed to maintain adequate data security,” which led to the theft of the personal information of more than 200K customers and employees. That’s according to a class action lawsuit filed last week in a US District Court for the District of Nevada.
A “massive” cyberattack hit the company’s systems for several days around Nov. 9, 2022. This resulted in hackers accessing personal data, including full names, Social Security numbers, and driving license numbers. Additional sensitive data may have been involved, including financial account numbers and debit and credit card numbers, the suit claims.
Rancho Mesquite owns the Rising Star Sports Ranch Resort in Mesquite and The Brook in Seabrook, NH. It also operates the Eureka casinos in Las Vegas and Mesquite, although these properties have separate ownership, and their data structure wasn’t affected by the breach.
Eureka casino was sold to employees in 2015, with an employee share option scheme (ESOP) set up in 2016.
A Month Too Late
Not only were the company’s data protection and cyber security protocols inadequate, according to the lawsuit. But it also failed to notify customers of the breach in a timely manner.
Impacted individuals were warned that their details had been compromised on or about Dec. 9, 2022, a month after the incident occurred. It’s the kind of delay that can prove costly, according to research by the US nonprofit consumer group Consumer Reports.
“One thing that does matter is hearing about a data breach quickly. That alerts consumers to keep a tight watch on credit card bills and suspicious emails,” the group said. “It can prompt them to change passwords and freeze credit reports …. If consumers don’t know about a breach because it wasn’t reported, they can’t take action to protect themselves.”
The plaintiffs claim the breach has exposed customers to potential fraud now and in the future and nuisance spam phone calls, text messages, and phishing emails.
Simply put, plaintiff and class members now face [a] substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft,” asserted the lawsuit.
The complaint accuses the company of negligence and breach of contract. It asks a jury to award class members monetary damages and to order Rancho Mesquite to tighten its security measures.
The company hasn’t responded to requests for comment.