Don Laughlin’s Riverside Resort Casino data breach affects over 55,000 customers

Don Laughlin’s Riverside Resort Hotel & Casino has disclosed a data breach that compromised the personal information of more than 55,000 customers. The resort, located in Laughlin, Southern Nevada, began notifying affected individuals and state attorneys general on September 5, following the discovery of a breach that seemingly took place on July 24, 2024.

The unauthorized party reportedly gained access to sensitive information, including names and Social Security numbers. In response to the breach, Riverside immediately engaged cybersecurity and data privacy experts to investigate the situation.

Matthew Laughlin, Assistant General Manager of Riverside Resort, outlined the company’s response in a notification letter sent to affected customers. "Upon detecting this incident, we moved quickly to initiate an investigation,” Laughlin wrote. "We promptly disabled all relevant accounts and worked with our third-party specialists to confirm the security of our environment."

Though Riverside has not received any reports of misuse of the stolen information, the casino has advised customers to monitor their credit scores and notify financial institutions of any suspicious activity. Free credit monitoring services are being offered to those impacted by the breach.

The hack extends beyond Nevada, affecting residents of Arizona, California, and even reaching the East Coast, with notifications sent to individuals in Massachusetts, New Hampshire, and Vermont.

Riverside has not disclosed whether a ransom was demanded or paid in connection with the breach, similar to previous incidents involving major casino operators. Last year, MGM Resorts suffered losses exceeding $100 million after refusing to pay a ransom, while Caesars Entertainment opted to pay $15 million to restore its systems following a cyberattack.

The Riverside data breach is the latest in a series of cyberattacks targeting the U.S. gaming industry. The FBI has issued warnings to casinos, particularly tribal operations, about the rising threat of cyberattacks. With the recent high-profile breaches at MGM and Caesars, concerns over cybersecurity in the gaming sector have escalated.

A class-action lawsuit has already been filed against Riverside, accusing the casino of negligence and breach of contract. The lawsuit, brought by a Massachusetts resident, seeks damages and further relief through a jury trial. Riverside has yet to comment on the lawsuit.