Communications Litigation Today was a Warren News publication.

Rivers Casino Was ‘Reckless' in Its Handling’ of Personal Information: Class Action

December 18, 2023 |Fraud

Donald Hess seeks damages, injunctive relief and restitution on behalf of himself and other consumers whose sensitive personal information was stolen after a cybersecurity breach at Rivers Casino in Des Plaines, Illinois, that started in August, said his class action Thursday (docket 1:23-cv-16791) in U.S. District Court for Northern Illinois in Chicago. The information stolen in the data breach included individuals’ “private, sensitive information,” including their full names, phone numbers, email addresses, dates of birth, driver’s license ID numbers, financial account numbers, passport numbers and Social Security numbers, it said. As a result of the data breach, Hess and the class members have “recognizable losses,” including an increased risk of identity theft or fraud, the loss of the benefit of “contractual bargain,” and the loss of time and resources for “rectifying or mitigating the effects” of the data breach, it said. A Milwaukee resident, Hess also brings his class action to address the casino’s “reckless handling” of consumers’ personal information, it said. The casino’s lax maintenance and control of its internal servers and computer networks left the personal information “vulnerable to external attacks,” it said. Its lack of “proper encryption protocols and software” left those internal servers and networks “defenseless against third-party attacks,” it said. The casino must have known, “or alternatively should have known,” of the foreseeable risk of potential cyberattacks on its internal servers and computer networks, it said. The casino “was on notice” that the failure to properly maintain network security could compromise consumers’ personal information “and cause future harm,” it said. The injunctive relief Hess seeks includes profiting the casino from maintaining consumers' personal identifying information on a cloud-based database, "if, in fact, it does so," it said. The class action also wants the court to require the casino to hire "independent third-party security auditors" or "penetration testers," it said.