Riverside Casino in legal trouble over 55,000 guest data leaked

Riverside Resort Hotel & Casino has come under heavy criticism and legal action after the property admitted that it had suffered a cyber incident that had exposed the confidential information of more than 55,000 guests and customers.

The incident goes back to late July, but state attorneys were only notified in September. The breach is quite significant as the perpetrator(s) was able to gain access to sensitive personal information such as Social Security Numbers and the full legal names of guests.

Hackers secure the personal info of 55,000 Riverside Resort Hotel & Casino guests

Commenting on this case, and submitting the information to the state, Riverside Assistant General Manager Matthew Laughlin said that all impacted customers have been notified about the breach.

Laughlin doubled down on defending the casino’s reputation and argued that the property and company as a whole took data security very seriously.

In reality, casinos have been repeatedly attacked by an outsized force of hackers who have found those establishments to be particularly lucrative, as they provide vast troves of data that can be later used to do attacks of "social engineering," which has been a particularly successful mode of attack even against large casino corporations with billions of dollars in revenue.

Caesars Entertainment and MGM Resorts International have both found themselves amid similar attacks, with consumer data being exposed en masse, including the data of high-ranking government officials. The FTC is looking to sue MGM Resorts International in the data breach case, as the government agency’s Chair, Lina Khan, was one of the impacted people.

As to Riverside, Laughlin added that the casino has been acting swiftly in the matter, launching an investigation as soon as the breach was discovered on July 24, and notifying all relevant parties. Laughlin also added that the company had brought in external specialists to investigate.

This although standard protocol has not shielded the company from a lawsuit that has now been filed with the Nevada District Court. The lawsuit has used rather strong language, emphasizing the fact that the data was private up until being breached, a "bell that cannot be unrung" according to the plaintiff and their representatives.

Casino industry faces intensifying cyber-attacks against prominent properties

However, the lawsuit has the tall order of proving that the casino is at fault. The plaintiff’s line of attack focuses on whether Riverside employees had adequate training to stave off the attacks on the property or identify it early on, with lawyers for lead plaintiff Michael J. Montoya arguing that Riverside Resort Hotel & Casino has deliberately withheld information and failed to properly inform their client about the real impact the cyberattack can have.

AS to the data breach itself, it encompasses several states, as it affects people based not only in Nevada, but similarly in California and Arizona. The Riverside is not an isolated case. The FBI and other governmental agencies have been urging the industry to report to authorities right away so that the fallout could be minimized.

However, the threat of legislation against companies has made them act cautiously and not hurry to notify enforcement agencies before they have consulted and often investigated – internally. The time during which the impacted parties do not know that they were compromised.

Image credit: Riverside Resort Hotel and Casino