In December 2022, Rancho Mesquite Casino, also known as Eureka Casino Resort and Eureka Mesquite, a land-based casino in Nevada, had a data breach during a ransomware attack that resulted with personal information of 230K individuals ending up in hands of criminals.
Personal names and social security numbers have been leaked, with some sources claiming other information such as bank accounts, card numbers and drivers licence numbers have been leaked too.
It appears the Rancho Mesquite Casino failed to maintain adequate data security, which makes them legally responsible for the data breach. At least that’s what the class action suit that was filed at the beginning of March 2023 in a US District Court for the District of Nevada claims.
On November 9, 2022, the Rancho Mesquite Casino was the victim of a cyber attack that encrypted some of their sensitive information that belong to almost 230,000 casino customers and current and former company employees.
The company reacted over a month later and sent a letter to those whose personal information was known to be exposed over the course of the several days of the hacker attack.
During the attack, the casino’s systems were “encrypted by an unauthorized actor“, Eureka Security, an Israeli-based cloud data security provider said after the incident.
“Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist“, said the Rancho Mesquito representative in the email to the affected parties, further telling them that “although the investigation is ongoing, we identified certain data that the unauthorized actor accessed during the incident.”
“We began a review of the data and identified that the data included some of your information,”, the letter concludes and claims that the data exposed included personal names and social security numbers, though it was later revealed other information may have leaked too.
The company opened a dedicated phone line and offered one year of credit monitoring to those affected by the data breach.
If you recently visited Rancho Mesquite or have worked or still work there, the chances are your name and social security number have been revealed to cyber criminals. Some other information may have been compromised, such as drivers licence numbers, bank account numbers and credit and debit card numbers.
If you are among the people whose information was stolen, then you would have received an email from Eureka on December 16, 2022 or/and on February 16, 2023, letting you know that your information has been compromised.
If you haven’t received an email, then chances are, you’re fine.
If this was the case and your personal information have been leaked, this puts you at an increased risk of identity theft, ransomware attacks and other cyber attacks. If your Social Security Number is leaked, assume the worst – that the criminals have access to all your information now. And then take steps to protect yourself.
It would be wise to keep an eye on all your bank and credit card accounts, change all your passwords including email and any financial services (using very strong passwords), and generally start paying attention to your personal information and don’t disclose them to anyone.
It would be good to call your bank to ask how can they protect you from any wrongdoing since your information is known to be exposed to criminals. They will probably have some sort of plan for protection of your funds, and will at least put you on some sort of a fraud monitor and will call you back if anything suspicious happens.
The biggest danger comes from criminals using your information to bill stuff to your name, such as medical services, loans, utility bills, and the like. They will input your name, SSN and bank or credit card information and have you pay for the things they use.
There is almost no way to protect yourself from fraud, the only thing that you can do is to keep a watchful eye and immediately file a report to the authorities if anything seems wrong.
Rancho Mesquite owns the Rising Star Sports Ranch Resort in Mesquite and The Brook in Seabrook, NH. It also operates the Eureka casinos in Las Vegas and Mesquite, although these properties have separate ownership, and their data structure wasn’t affected by the breach.
Eureka Casino was sold to employees in 2015, with an employee share option scheme (ESOP) set up in 2016. Which apparently is a problem in its own right, as you’ll read below.
The class-action lawsuit was initiated by a California resident who claims his personal computer was part of a ransomware attack due to the casino security breach. The lawsuit accuses the company of failing to provide the affected with timely and adequate notice.
The class-action lawsuit further accuses Rancho Mesquite Casino of negligence, breach of contract and other counts. The accusation is that the security measures were inadequate, as this company held the sensitive personal information and didn’t protect them adequately.
The lawsuit asks for monetary damages for class members and for the company to be ordered to strengthen their security policies.
“Plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft,” documents in the lawsuit said.
Interestingly, there is another lawsuit going on, as the former owners of the Rancho Mesquite Casino sold the shares to ESOP (Employee Stock Ownership Plan) back in 2015 for allegedly more than the fair market value. Which means that the employees may only sell their shares at a loss. Any current or former employee of Rancho Mesquite may still join the lawsuit free of charge.