Many current and former Casino Rama employees are irate with Gateway Casinos after learning their personal information may have been compromised as part of a recent ransomware attack that paralyzed the company's gambling facilities throughout Ontario.
Casino Rama was suddenly shut down on April 16 along with all of the Ontario gambling facilities owned or operated by Gateway. Casino Rama was closed the longest and did not reopen until May 9, leaving most employees out of work for those weeks.
While the doors were closed, Gateway had third-party cyber professionals work to restore the IT system.
On Wednesday, Gateway released a statement updating patrons and employees about fallout from the attack.
“While our investigation remains ongoing, Gateway understands that the incident may have resulted in the theft of personal information of certain current and former employees in British Columbia, Alberta and Ontario,” the statement read.
“At this time, we are not aware of any misuse of information. However, we take the privacy and security of personal information very seriously and want to make sure our employees are kept informed.”
Gateway says they are notifying employees to make them aware of any possible unauthorized access to personal information held by Gateway. The company has also partnered with Equifax, a credit reporting agency, to provide potentially affected current and former employees with credit monitoring and identity theft protection.
Greg Weaver, Unifor's chairperson for Casino Rama and second vice-president for Unifor Local 1090 — the union representing many of the casino's staff — says the union has been advocating for credit monitoring since news of the attack broke.
He says the union is "disheartened" that Gateway has chosen to wait until confirming that personal information was compromised before agreeing to offer credit monitoring.
"They should have done it from the get-go," he said.
Weaver says employees are “extremely upset” with the situation.
“There is major concern among our employees,” he said. “Personal information is confidential, and if it’s out there, who knows what could happen.”
Gateway says they are working with “expert advisors” to determine if any personal information of customers was impacted.
“To date the independent forensic investigation that has been proceeding since April 16 has not uncovered theft of any sensitive patron personal information,” Gateway said in its statement.
“We are also keeping law enforcement, regulators and privacy commissioners updated on the investigation.”
Weaver says employees have the right to be upset about the situation. They can only hope the consequences of the incident won’t be severe, he said.
“They don’t know if their info has been shared on the dark web or not,” he said. “They just know it was susceptible.”
In its original media release announcing the closure of its Ontario casinos, Gateway characterized the cause as a "system-wide malfunction."
It was only days later that officials admitted the company was a victim of a ransomware attack. Despite being asked for details, Gateway officials refused to say if the company paid the ransom, who was holding the company ransom and if any person information was targeted and/or compromised.