Personal Info of 229K Exposed in Las Vegas Casino Breach, Lawsuit Claims

Posted on: February 24, 2023, 05:28h. 

Last updated on: February 24, 2023, 05:29h.

A class-action lawsuit alleges that the personal data of 229K people was exposed when one or more hackers gained entry into an inadequately protected customer database maintained by Rancho Mesquite Casino, Inc.

The Mesquite, Nev. company owns casinos under the Eureka brand in Las Vegas and Mesquite, as well as the Rising Star Sports Ranch Resort in Mesquite, and the Brook in Seabrook, New Hampshire, according to its website. The Eureka in Mesquite made national headlines in 2017 because Mesquite resident Stephen Paddock, perpetrator of the Las Vegas massacre, was reportedly a regular at its video poker machines and card tables.

Eureka Casino in Mesquite, Nev.
The Eureka Casino in Mesquite, reported to be a regular haunt of Las Vegas shooter Stephen Paddock, receives additional unwelcome media attention as its parent company faces a data breach lawsuit. (Image

In the cyberattack, which occurred on November 9, 2022, the names and social security numbers of customers and employees from two of the casino company’s properties were exposed, according to documents obtained by KLAS-TV. The documents didn’t specify which two properties.

The lawsuit, filed in Las Vegas court, accuses the casino company of negligence and breach of contract, alleging that it failed to encrypt the sensitive information, and then failed to provide “timely and adequate notice” about the breach.

According to a document in the filing, from the Maine attorney general’s office, the casino company notified affected customers via a letter sent on December 9, a month after the breach.

“Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist,” the letter read. The company offered one year of credit monitoring as compensation.

Monetary Damages, More Security Sought

The lawsuit asks a jury to award plaintiffs monetary damages and order the company to implement additional security measures.

“Simply put, plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft,” case documents read.

The originating plaintiff is reported to be a California resident claiming to be the victim of a subsequent ransomware attack.

Related News Articles


Skriv kommentar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *