Posted on: March 6, 2023, 06:32h.
Last updated on: March 6, 2023, 06:32h.
Nevada-based Rancho Mesquite Casinos “failed to maintain an adequate data security,” which led to the theft of the personal information of over 200,000 customers and employees. That’s according to a class-action lawsuit filed last week in a US District Court for the District of Nevada.
The company’s systems were hit by a “massive” cyberattack for several days from around November 9, 2022. This resulted in hackers accessing personal data, including full names, Social Security numbers, and driving license numbers. But it’s possible additional sensitive data may have been involved, including financial account numbers and debit and credit card numbers, the suit claims.
Rancho Mesquite owns the Rising Star Sports Ranch Resort in Mesquite and The Brook in Seabrook, N.H. It also operates the Eureka casinos in Las Vegas and Mesquite, although these properties have separate ownership and data structure and were not affected by the breach.
Eureka casinos was sold to employees in 2015 with an employee share option scheme (ESOP) set up in 2016.
A Month Too Late
Not only were the company’s data protection and cyber security protocols inadequate, according to the lawsuit, but it also failed to notify customers of the breach in a timely manner.
Impacted individuals were warned that their details had been compromised on or about December 9, 2022, a month later. It’s the kind of delay that can prove costly, according to research by US nonprofit consumer group Consumer Reports
One thing that does matter is hearing about a data breach quickly. That alerts consumers to keep a tight watch on credit card bills and suspicious emails,” the group said. “It can prompt them to change passwords and freeze credit reports…. If consumers don’t know about a breach because it wasn’t reported, they can’t take action to protect themselves.”
The plaintiff claims the breach has exposed customers to potential fraud now and in the future, as well as nuisance spam phone calls and text messages and phishing emails.
“Simply put, plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft,” asserted the lawsuit.
The complaint accuses the company of negligence and breach of contract. It asks a jury to award class members monetary damages and to order the Rancho Mesquite to tighten its security measures.
The company has not responded to requests for comment.