Casino Rama says customer, employee and vendor information has been stolen in a cyberattack that targeted the casino’s internal computer systems.

In a statement, the Ontario Lottery and Gaming Corporation (OLG) said the attack was contained to Casino Rama and didn’t affect other casino or gaming facilities in Ontario.

It came to their attention on November 4th when a hacker contacted them.

“Casino Rama Resort deeply regrets this situation and recognizes the seriousness of this issue. Our teams have been working around the clock with cyber-security experts,” John Drake, President and CEO of Casino Rama Resort said in a statement.

“Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers’, employees’ and vendors’ personal information very seriously.”

The OLG says it is working with Casino Rama and the OPP and RCMP, and says affected customers, employees and stakeholders are being notified of the breach.

“OLG is working to ensure that those affected get the assistance they need under these difficult circumstances,” the Crown Corporation said.

The data breach is extensive, with Casino Rama saying hackers “accessed information that includes Casino Rama Resort IT information, financial reports respecting the hotel and casino, security incident reports, Casino Rama Resort email, patron credit inquiries, collection and debt information, vendor information and contracts and employee information including performance reviews, payroll data, terminations, social insurance numbers and dates of birth.”

Cyber-security expert Daniel Tobok said organized crime is usually behind such sophisticated attacks.

“They try to breach an organization, steal a whole bunch of information then hold it ransom. If that doesn’t work they try to embarrass the organization then sell the information on the dark web,” he told CityNews via a Skype interview.

“Hackers have gotten more and more sophisticated,” he adds. “It’s no longer just people that want to cause some havoc or be a pain. It usually involves organized crime and it’s a very lucrative event for them.”

Tobok said affected individuals should take immediate measures.

“You have to go and cancel your credit cards, place credit monitoring on your assets and for the next 90 to 120 days be a little diligent in making sure there’s no funny transactions or anything happening on your accounts,” he said, adding that you should have strong passwords for things like online banking.

CityNews posed the following questions to Casino Rama’s Director of Public Relations, Jenna Hunter:

When was the breach?

We first became aware of the situation on November 4th.

How were you alerted to the breach?

We were contacted by the hacker responsible for the incident following the attack.

How many customers are impacted? How many employees are impacted?

While there is an ongoing investigation we are limited in how much detail we can provide. We deeply regret this situation and recognize the seriousness of this issue and appreciate our customers, employees and vendors patience while we investigate.

Was this a state sponsored hack?

An anonymous hacker has claimed responsibility.

Have all customers and employees been notified?

As a precaution, Casino Rama Resort has advised customers, employees and vendors to monitor and verify all bank accounts, credit card and other financial transaction statements and report any suspicious activity to the appropriate financial institution. Casino Rama Resort deeply regrets the situation and recognizes the seriousness of this issue. While we continue to investigate we appreciate the understanding of our customers, employees and stakeholders.

What cyber safety measures were in place before the attack?

Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers’, employees’ and vendors’ personal information very seriously. Our internal teams have been working with cyber security experts around the clock since we first became aware of the situation on November 4th, 2016 to neutralize the issue and provide further safeguards to our systems.

Is the system secure now?

There is no indication that the hacker continues to have access to the Casino Rama Resort system.

What safety measures will be in place going forward?

Data security is a top priority for Casino Rama Resort, and we take our responsibility to protect our customers’, employees’ and vendors’ personal information very seriously. While the investigation is ongoing, our teams have been working around the clock with cyber-security experts to ensure we take all steps necessary to protect our systems from an attack in the future.

You were notified of the breach Nov. 4 – on what date was the system secured after that notification?

Casino Rama Resort immediately took action upon learning of the threat. We are working with the Ontario Provincial Police, the Royal Canadian Mounted Police, the Ontario Lottery and Gaming Corporation (OLG) and the Alcohol and Gaming Commission of Ontario, and have alerted the Privacy Commissioner of Canada and the Information and Privacy Commissioner of Ontario.

While the investigation is ongoing, our teams have been working with cyber-security experts to ensure we take all steps necessary to protect our systems from an attack in the future.