Graton Resort and Casino has revealed that an instance of "human error" might have exposed the personal information of some of its patrons. According to a "Notice of Data Breach" sent out to affected patrons, casino staff on September 2, 2017, "discovered that certain personal information was inadvertently distributed in a small number of email attachments as 'hidden' information that could be revealed via certain manipulation by the recipients." Graton Resort and Casino goes on to explain in its two-page letter that it sent out the potentially compromising emails between February and August 2017. Those attachments might have contained patrons' names, addresses, and Social Security Numbers.
Upon discovering the incident, the Rohnert Park-based gaming resort "took steps to stop further distribution of the material and took steps to ensure it does not happen again." It's also now offering all affected patrons a free one-year subscription to a credit monitoring service. Lori Nelson, a spokeswoman for Graton casino operator Las Vegas-based Station Casinos, has not provided any details about how many patrons the incident affected. As of this writing, she's said only that the event affected "a number" of customers and that it stemmed from either an employee's mistake or a connected party's fault. As quoted in a statement provided to The Press Democrat:
"It’s important to note this was not a data breach or a hack. It was human error that we have now taken the necessary steps to prevent from occurring again."
Anyone who has received a notification letter from Graton Resort and Casino should review their financial accounts and credit report for suspicious activity. In the event they detect an anomalous transaction, they should notify their bank or payment card issuer as soon as possible. They might also want to consider placing either a fraud alert or security freeze on their credit file. Doing so would make it more difficult for unauthorized parties to open new lines of credit in a person's name even if they know that individual's address and Social Security Number. News of this incident comes approximately one month after Equifax's announcement of a data breach that may have affected 143 million U.S. consumers.
