Canadian Underwriter
News

Two customers spearhead class action lawsuit against casino over hacking of private data


November 15, 2016   by Colin Perkel - THE CANADIAN PRESS


Print this page

TORONTO – Two gamblers who allege their privacy was breached are spearheading a proposed class action against an Ontario casino whose databases were hacked.

Security Concept.In a notice of action, they also alleged Monday that Casino Rama, north of Toronto, unjustly enriched itself at the expense of the claimants.

In the allegations contained in the notice, Leonid Kaplan, of Barrie, Ont., says he provided casino staff with copies of his driver’s licence and credit card when he went there to gamble in September.

Kaplan says he received an email by the CEO of Casino Rama, John Drake, on November 10 with the subject line: “Unauthorized Access to Personal Information.”

The email stated that the organization had been the “victim of a cyberattack that resulted in the theft of past and present patron, employee and vendor information.”

The casino publicly confirmed the attack last week but did not say exactly when it occurred or over what period.

The other proposed representative plaintiff, Cheryl Mizzi, of Stouffville, Ont., says she and her husband regularly went to Casino Rama starting in 1999. They last visited in 2015. She, too, provided various forms of identification.

Neither proposed plaintiff have said what losses, if any, they incurred as a result of the privacy breach.

The lawsuit also names Ontario’s gaming commission, the Penn National Gaming and its Ontario subsidiary, which run the casino, and the Chippewas of Rama First Nation where the facility is located.

The suit, which has yet to be certified as a class action or tested in court, seeks $50 million in damages as well as another $10 million in punitive damages.

Lawyer Ted Charney said Monday the “unjust enrichment” claim arises from the casino generating revenues from gambling when customers thought reasonable security measures were in place to protect privacy.

Related: Ontario’s Casino Rama victim of cyberattack affecting customer, employee and vendor information

“The casino elected not to invest in adequate staff and technology while collecting gambling revenues, promising to provide adequate security measures,” Charney said.

The suit also alleges the defendants breached contracts and violated consumer laws.

A Casino Rama spokeswoman did not address the allegations, but said Monday the organization was working with the authorities on the ongoing investigation.

“We are limited in how much detail we can provide,” Jenna Hunter said. “We deeply regret this situation and recognize the seriousness of the issue.”

Casino Rama Resort warned its customers, vendors as well as current and former staff last Thursday to keep an eye on their bank accounts, credit cards and other financial information.

The casino said it had “recently” discovered becoming the victim of a cyberattack that resulted in the large-scale data theft.

Stolen data appeared to include internal financial and security-incident reports, emails, payroll data, client information, social insurance numbers, and dates of birth, according to the casino.

“The hacker claims that the employee information dates from 2004 to 2016, and that some of the other categories of information taken date back to 2007,” the casino said in a statement.

The resort, which has 2,500 slot machines and more than 110 gaming tables, said the games themselves weren’t hacked.

Located on Rama First Nation, the casino opened 20 years ago.