Date: January 7, 2025, Time: 03:29
Last updated on: January 7, 2025, Time: 03:29
Rivers Casino Philadelphia has confirmed that its systems containing sensitive employee information were breached last autumn.
In a communication to its employees, the casino, under the ownership of Rush Street Gaming, confirmed a “data security incident” that could have exposed personal details. The communication mentioned that Social Security numbers and bank account details used for direct deposit by staff may have been accessed by unauthorized individuals.
We apologize for any inconvenience or anxiety caused by this incident,” the communication read. “Rivers Casino Philadelphia understands the importance of safeguarding the personal information in our possession.
Officials from Rush clarified that no other Rivers casinos were affected. Affected employees at Rivers Philly are being offered a one-year credit monitoring service. The company has also implemented additional security measures to enhance the protection of its IT network.
Situated along the Delaware River, Rivers Casino Philadelphia, formerly known as Sugar House, boasts over 1,500 slot machines, 70 live dealer table games, and a BetRivers Sportsbook. The casino recently established a partnership with nearby Riversuites at The Battery hotel.
Insufficient Details
Rivers did not disclose whether the breach resulted in employee information being shared on the dark web, if any ransom was demanded, the estimated number of affected employees, or if guest data was also compromised.
The communication only mentioned that the breach involved unauthorized access. Responding to a query from The Philadelphia Inquirer, Rivers spokesperson, Jack Horner, stated that the “unauthorized actor accessed and/or extracted certain files stored on our computer servers.”
Numerous law firms are actively pursuing the possibility of a class-action lawsuit. Attorneys speculate that employees who received such notifications could be eligible for financial compensation.
One of the largest settlements from a data breach occurred in September 2017 when Equifax confirmed that a cyberattack led to the theft of personal information from 147 million individuals. The consumer credit reporting agency agreed to a $425 million settlement to reimburse those affected for their expenses and time spent addressing the situation.
Casinos Prime Targets
The US commercial and tribal gaming sectors are attractive targets for hackers. With vast data on millions of players, ransomware incidents have significantly increased over the past decade, according to federal law enforcement agencies.
Following the cyberattacks on MGM Resorts and Caesars Entertainment in 2023, the FBI issued a Private Industry Notification to the casino industry, warning that gaming operators remain popular targets. The agency urged casinos to review its recommendations for enhancing IT system security.
The FBI highlighted several emerging trends within the ransomware space and released the notification to raise industry awareness,” read the July 2023 warning. “New trends included ransomware actors exploiting vulnerabilities in vendor-managed remote access to casino servers and companies being victimized through legitimate system management tools to boost network permissions.
MGM and Caesars fell victim to “social engineering,” where individuals are deceived into providing access to a computer network or server. Caesars paid a ransom of $15 million to protect its Las Vegas operations, while MGM’s decision not to pay resulted in over $100 million in lost revenue.