The management of the Chatham-based Cascades Casino has warned former and current employees that their personal information may have been accessed as a result of a recent cybersecurity attack that saw the casino venue cease operation for a few weeks.
Last week, casino staff received a letter from the company about possible unauthorized access to their personal information. In its letter to former and current casino workers, the company stated that it was not aware of whether their personal information was misused at the time.
In a statement, the owner of Cascades Casino said that the company took immediate steps to contain the incident, including closing its locations across the province of Ontario and cutting Internet access. In order to help make sure that its employees’ personal information is not used inappropriately, Gateway Casino and Entertainment is providing its workers with an identity theft protection and credit monitoring plan for 12 months free of charge.
The investigation of the cybersecurity breach is still underway to determine whether any personal information of customers had been impacted. In its statement, Gateway noted that the independent forensic investigation that has been going on since April 16th has not unveiled the theft of any personal information of casino patrons.
Ritesh Kotak, a cybersecurity expert, explained that once a cybersecurity breach takes place, sensitive information is technically accessible in cyberspace, and cybercriminals can use it. They usually try to sell the customers’ information to third parties because such data does not have any practical value but doing so automatically means that individuals could be subject to various issues as a result of personal data theft.
Gateway Casino Had to Close Ontario Locations Following the Cybersecurity Breach
Apart from lifting the curtain in terms of the investigation, Gateway Casino and Entertainment also shared that it is keeping local regulators, law enforcement, and privacy commissioners up to date with the ongoing investigation into the cybersecurity breach.
As previously reported by CasinoGamesPro, on April 16th, the gambling operator became aware of a cyberattack that made some of its systems inoperable. As mentioned above, the company was forced to shut down all of its locations across the province of Ontario and also cut internet access as part of the measures aimed at tackling the potential damage inflicted on its customers and/or employees. Since then, the casino chain has reopened its venues gradually and is currently working to restore its IT systems.
As explained by Mr. Kotak, there are three main steps that companies need to take following a cyberattack. First, they need to take all of their systems offline in order to make sure exactly what data is compromised and what may have happened as a result of the breach. Then, it needs to appoint some specialists to look at logs and test systems without going back online while the potential vulnerabilities are still there for the company and its customers. Last but not least, continuous testing and vulnerability assessments need to take place in order to make sure that the system can be safely brought back online and that similar breaches do not occur in the future.