Hot-Topics

Latest victim of Oklahoma tribal casino cyberattack, Indigo Sky reveals breach

Two Oklahoma tribal casinos, Indigo Sky and Outpost, are the latest victims of cyberattacks on the U.S. gaming industry.

SymClub
Apr 8, 2024
2 min read
Newscasino
Employees and visitors to Indigo Sky Casino & Resort and Outpost Casino in Oklahoma have been....aussiedlerbote.de
Employees and visitors to Indigo Sky Casino & Resort and Outpost Casino in Oklahoma have been warned about a data breach in December. The casino said the personal information was obtained from an unknown third party..aussiedlerbote.de

Attention!

Limited offer

Learn more

Latest victim of Oklahoma tribal casino cyberattack, Indigo Sky reveals breach

Two tribal casinos in Oklahoma are the latest victims of cyberattacks on the U.S. gaming industry.

Wyandotte-based Indigo Sky Casino & Resort and Outpost Casino confirmed this week a data breach that occurred in early December. The casinos are owned and operated by the Shawnee Tribe of eastern Oklahoma.

Indigo Sky Casino & Resort and Outpost Casino have recently discovered unusual activity on our computer network. Upon becoming aware of the issue, we immediately initiated an internal investigation, took steps to secure our systems and notified law enforcement," the casinos said in a joint statement.

The tribe said a review of its casino IT systems revealed that an unknown third party accessed the network on Dec. 1, 2023. The casino has since hired a forensic security firm to investigate and confirm the casino's computer security.

Indigo Sky and Outpost this week sent letters to employees and customers whose personal information may have been unlawfully seized in the cyber attack.

Personal Data Received

The Eastern Shawnee Tribe's data breach statement states that cybercriminals obtained Personally Identifiable Information (PII) through illegal means. PII includes names, driver's license numbers, Social Security numbers and medical information.

The casino believes employees and customers were affected, but no bank information or credit card numbers were reportedly compromised.

Indigo Sky and Outpost are offering free credit monitoring and identity theft protection services to affected individuals. Those who spot suspicious activity are asked to notify law enforcement authorities, including police and their state's attorney general.

We value your trust in us to protect your privacy, take our responsibility to protect personal information seriously, and apologize for any inconvenience this incident may cause. "

Indigo Sky Casino is a 245-room hotel and RV resort with more than 1,400 slot and electronic slot machines, 20 table games and bingo rooms. Outpost is a smaller facility with only slots and no on-site accommodations. The facility has approximately 280 slot machines.

Ongoing Security Issues

Commercial and tribal casinos have become targets of cybercriminal gangs in recent years. The most high-profile cases occurred last year, when MGM Resorts and Caesars Entertainment were both hit by ransomware groups.

Before the MGM and Caesars incidents, cybercriminal gangs tended to target tribal casinos rather than commercial resorts.

In 2021, the FBI Cybercrime Unit said Native American-owned casinos should be on high alert for ransomware attacks.Federal cybersecurity officials say ransomware groups often gain access through third parties that have business contracts and relationships with tribal casinos.

"Between 2022 and 2023, the FBI identified ransomware attacks that compromised casinos through third-party gaming providers. These attacks often targeted small and tribal casinos, encrypted servers, and the personal information of employees and customers."

The FBI requires casinos to perform offline data backups, ensure all backup data is encrypted and immutable, and regularly review the security of third parties "and those associated with your organization."

The FBI continues to emphasize the importance of companies establishing strict protocols for setting up remote IT access. Federal law enforcement also said companies should log and continually monitor remote connections and develop recovery plans.

Read also:

Source: www.casino.org

Attention!

Limited offer

Learn more