Hackers scored a potential jackpot at Illinois’ biggest casino over the summer in a cyberattack that gained access to the sensitive personal information of numerous gamblers and employees.
Rivers Casino in Des Plaines alerted customers Thursday to the data breach, which happened in mid-August but wasn’t discovered until earlier this month.
Dates of birth, driver’s license numbers and even Social Security numbers “may have been accessed or removed” from the casino’s network, among other vital information.
Leaders of the northwest suburban gaming emporium say there hasn’t yet been any sign of fraud or identity theft as a result of the breach, but the data could be dangerous in the wrong hands.
On Nov. 2, the casino discovered the “unauthorized access” to files with personal data, which happened “on or around” Aug. 12.
Phone numbers, email addresses, home addresses, dates of birth, driver’s license and government ID numbers were vulnerable for both casino employees and gamblers, including online sportsbook customers.
For a “limited number” of them, financial account numbers, tax ID numbers, Social Security numbers and passport numbers were also affected, according to Rivers.
A Rivers spokesman wouldn’t say how many people might be affected. Gamblers made more than 273,000 visits to the casino in the month leading up to the hack, according to Illinois Gaming Board records. Almost 300,000 sports wagers were placed online in July.
“We do not believe customer passwords or payment card information was affected by this issue,” the casino said in a statement.
It’s unclear who was behind the attack. The FBI issued a “private industry notification” this month to casinos nationwide warning of ransomware hackers tricking workers into letting them into their networks “through legitimate system management tools.”
The casino — which has made nearly $450 million this year, by far the most in the state — said it “promptly took steps to contain the threat and secure our systems, avoiding any interruption to our operations or in the services we provide to our customers.” It also enlisted a cybersecurity firm to investigate.
Rivers said it “utilizes robust security protocols,” and they “share in any frustration this incident may cause.”
The casino has set up a hotline for more information for those who might be impacted: 866-983-3108, available 8 a.m. till 5:30 p.m. Monday through Friday.
