Latest victim of Oklahoma tribal casino cyberattack, Indigo Sky reveals breach
Two tribal casinos in Oklahoma are the latest victims of cyberattacks on the U.S. gaming industry.
Wyandotte-based Indigo Sky Casino & Resort and Outpost Casino confirmed this week a data breach that occurred in early December. The casinos are owned and operated by the Shawnee Tribe of eastern Oklahoma.
Indigo Sky Casino & Resort and Outpost Casino have recently discovered unusual activity on our computer network. Upon becoming aware of the issue, we immediately initiated an internal investigation, took steps to secure our systems and notified law enforcement," the casinos said in a joint statement.
The tribe said a review of its casino IT systems revealed that an unknown third party accessed the network on Dec. 1, 2023. The casino has since hired a forensic security firm to investigate and confirm the casino's computer security.
Indigo Sky and Outpost this week sent letters to employees and customers whose personal information may have been unlawfully seized in the cyber attack.
Personal Data Received
The Eastern Shawnee Tribe's data breach statement states that cybercriminals obtained Personally Identifiable Information (PII) through illegal means. PII includes names, driver's license numbers, Social Security numbers and medical information.
The casino believes employees and customers were affected, but no bank information or credit card numbers were reportedly compromised.
Indigo Sky and Outpost are offering free credit monitoring and identity theft protection services to affected individuals. Those who spot suspicious activity are asked to notify law enforcement authorities, including police and their state's attorney general.
We value your trust in us to protect your privacy, take our responsibility to protect personal information seriously, and apologize for any inconvenience this incident may cause. "
Indigo Sky Casino is a 245-room hotel and RV resort with more than 1,400 slot and electronic slot machines, 20 table games and bingo rooms. Outpost is a smaller facility with only slots and no on-site accommodations. The facility has approximately 280 slot machines.
Ongoing Security Issues
Commercial and tribal casinos have become targets of cybercriminal gangs in recent years. The most high-profile cases occurred last year, when MGM Resorts and Caesars Entertainment were both hit by ransomware groups.
Before the MGM and Caesars incidents, cybercriminal gangs tended to target tribal casinos rather than commercial resorts.
In 2021, the FBI Cybercrime Unit said Native American-owned casinos should be on high alert for ransomware attacks.Federal cybersecurity officials say ransomware groups often gain access through third parties that have business contracts and relationships with tribal casinos.
"Between 2022 and 2023, the FBI identified ransomware attacks that compromised casinos through third-party gaming providers. These attacks often targeted small and tribal casinos, encrypted servers, and the personal information of employees and customers."
The FBI requires casinos to perform offline data backups, ensure all backup data is encrypted and immutable, and regularly review the security of third parties "and those associated with your organization."
The FBI continues to emphasize the importance of companies establishing strict protocols for setting up remote IT access. Federal law enforcement also said companies should log and continually monitor remote connections and develop recovery plans.
Read also:
- Imperial Pacific International’s Saipan casino exclusivity still pending
- Family of tourist in Las Vegas helicopter crash awarded $100 million
- Mashpee is reviving troubled First Light casino project
- Star Entertainment's tax breaks won't stop its $2 billion revenue loss
Source: www.casino.org