Casino customers' personal data stolen

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://seattletimes.com/html/localnews/2020024601_skagitcasinio31m.html

BOW, Skagit Valley — Some customers of Skagit Valley Casino Resort can
qualify for credit-report monitoring after their personal information
was stolen from one of the casino's vendors.

The unencrypted customer information was stolen from a Bally
Technologies software engineer's home office, said Harry Chesnin,
general counsel for the Upper Skagit Indian Tribe. The tribe owns and
operates Skagit Valley Casino Resort.

Information was sent to Bally to be tested with new technology, he
said. That information is usually encrypted with a computer program,
Chesnin said, but some of the information was not encrypted.

In late October, the engineer's apartment in the Las Vegas area was
broken into. Computers, jewelry and televisions were stolen, as was
the unencrypted information, Chesnin said.

The thieves were more than likely after the items and not the
information, he said. Computers would have had their hard drives wiped
before an illicit sale to prevent tracking the information back to the
theft, he said.

The Skagit Valley Casino did not learn of the theft until Nov. 29, a
month after it occurred. Last week the casino sent a letter to
customers who may have been impacted.

"Even though we haven't had any indication that there's been any kind
of problem or breech, we thought we had better alert some of our
customers," Chesnin said. "We're always mindful of security issues.
Quite frankly, we have to rely on Bally's because they have the
technology and it was a lapse on their part. I'm fairly sure they
learned their lesson as well."

Bally has not informed the Skagit Valley Casino if any information
from other casinos was stolen, Chesnin said. The theft was reported to
police in the Las Vegas area.

Repeated calls to Bally officials were not returned Thursday and Friday.

The Bally Technologies website says the company is the oldest
slot-machine manufacturing company in the world and was founded in
1932. Bally (BYI) is also the first gaming company to be traded on the
New York Stock Exchange. The company, based in Las Vegas, has 25
offices around the world and employs about 2,800 people.

The casino's letter to customers suggests that people monitor their
credit reports for questionable activity. The casino also sent letters
to customers with a free one-year membership to protect their
information.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.