Gateway Casinos Warn Employees that Their Personal Information ‘Likely’ Compromised

Posted on: June 14, 2023, 10:06h. 

Last updated on: June 14, 2023, 12:01h.

Gateway Casinos continues to deal with the repercussions of a crippling cyberattack on its Ontario properties that occurred earlier this year.

Gateway Casinos cyberattack ransomware Ontario
Gateway Casinos was hit with a cyberattack in April that the company says presumably resulted in the illegal obtaining of confidential information on employees. Cybersecurity experts say there is little victims can do to have their data removed from the dark web. (Image: Casino.org)

On April 16, Gateway Casinos abruptly shuttered its 14 casinos in Ontario after company officials said a cyberattack rendered the resorts unable to operate. The ransomware event kept the properties dark for two weeks. Gateway Casinos Innisfil was the first to welcome back guests on April 29.

Along with Great Canadian Entertainment, Gateway is one of Canada’s largest gaming operators. The company operates casino gambling on behalf of the Ontario government and directs 20% of its gross gaming proceeds to the province.

The two-week closure was devasting to Gateway’s business. The company was rather tight-lipped at first about that hacking. It claimed it was unaware of whether any private information about guests or employees was comprised, and has since made several admissions about the attack.

Employee Data Seized

Gateway Casinos employees earlier this month voiced frustrations with the company’s response to the ransomware attack. Gateway only this month announced that it would provide free credit and identity monitoring services for workers. But the union that represents those employees says the company could have done that from the start.

“Gateway should have done it from the get-go,” said Unifor spokesperson Greg Weaver. “Personal information is confidential, and if it’s out there, who knows what could happen.”

Gateway recently sent a letter to its Ontario workforce informing them that the ransomware attack likely resulted in the breach of personal information. The company explained that on April 16, the casinos’ information technology (IT) network was the victim of a cyberattack that rendered its systems inoperable.

Since April, Gateway has been gradually restoring its IT systems with extensive assistance from external cybersecurity experts, and as the systems are restored, is investigating potential impacts on personal information,” the letter read. “While our investigation remains ongoing, Gateway understands that the incident likely resulted in the theft of personal information of certain current and prior employees.”

The Gateway notification went on to say that the cybertheft, in some cases, included the personal information of employees’ spouses, partners, and/or dependents.

Data is Money

For cybercriminals, cybersecurity experts say data is king. Speaking with CTV Windsor, cybersecurity expert Ritesh Kotak said confidential information has significant value on the dark web, where cybercriminals buy and sell such files to use in a myriad of illicit ways.

Once a breach occurs, your information is essentially out there in cyberspace. Cyber criminals leverage your information. They try to sell your information because there is value to your data,” Kotak explained.

Kotak said examples of how such data is used include identity theft and someone taking out a loan under the victim’s name.

Worse yet for Gateway Casinos employees worried about their personal information is that Kotak says once such information is disseminated to the dark web, “It is out there forever.”

“There’s really nothing you can do about that,” Kotak concluded.

Gateway’s free monitoring and identity theft services being offered to employees are for 12 months.