Customers at Rivers Casino in Des Plaines, Illinois, were targeted by a data breach of the casino’s systems in August, the casino announced Thursday.
The casino’s internal networks were accessed on or around Aug. 12, and the casino discovered the breach Nov. 2. Hackers targeted the names, birth dates, contact information, drivers’ license and government ID information belonging to an unspecified number of casino customers, employees and online customers.
Hackers also accessed Social Security numbers, bank information, tax ID information and passport information corresponding to a smaller number of customers and employees. However, the casino has no evidence that passwords or credit card numbers were collected.
The casino did not specify how many customers’ data was targeted, or how many Social Security numbers were lost. It also did not specify plans to contact affected customers directly.
“Upon learning of the incident, Rivers promptly took steps to contain the threat and secure our systems, avoiding any interruption to our operations,” the casino wrote in a Thursday news release.
The casino has enlisted a cybersecurity firm to look into the breach. It’s also working with Culloton + Bauer Luce, a Chicago-based crisis communications firm.
Representatives from the firm and the casino declined to comment further. The casino is asking customers to call 866-983-3108 if they think they were impacted.
Other Rivers casinos outside of Des Plaines were not targeted. The breach also did not affect customers of BetRivers, an online sports gambling platform associated with the casino.
Rivers Casino Des Plaines, which opened in 2011, boasts more than 65 table games and upward of 1,000 slot machines. The 24-hour casino grossed $545.6 million between October 2022 and September 2023, the highest total in the state, according to the Civic Federation.
The casino will provide breached customers with a free year of fraud alerts on their credit card. Users can also opt for a free security freeze, which prevents any release of data by consumer reporting agencies without permission.