The hacking of Casino Rama
will not result in a $60 million class action lawsuit.
For two decades, Casino Rama topped the hot list of Ontario gambling entertainment destinations.
Opened in the summer of 1996 on the reserves of the Chippewa of
Rama First Nation, it is jointly owned by the tribe and the Ontario Lottery and Gaming Corp (OLG), with day to day
operations managed by one of Canada’s largest gaming groups, Gateway
Casinos & Entertainment. Suffice it to say, the casino is
brimming with advantages – no pun intended.
Those first two decades went
swimmingly well for the casino, right up until November of 2016, when
it was reveals that a vicious cyber attack had befallen the
property’s computer systems. The casino’s database, containing the
personal information of some 200,000 employees and player’s club card
members, was compromised. The hacker, failing to acquire a ransom,
followed through on a threat to publish the stolen information to the
As is often the case in such instances where a multitude of victims are involved, many of those potentially impacted by the Casino Rama hack immediately retained a comprehensive legal team to represent them in a class action lawsuit. Now, after more than two years, it’s finally come to an anti-climactic ending.
Justice Belobaba determined that a
class action is not relevant in the dispute because no provable
losses have been named, the hacker that caused the issue is not named
as a defendant in the case, and the depth of victimization is far
from equal between the plaintiffs.
“The fact that there are no
provable losses and that the primary culprit, the hacker, is not sued
as a defendant makes for a very convoluted class action,” states
Justice Belobaba in this week’s ruling. By his befitting metaphorical
assessment, the lawsuit simply doesn’t fit the allegations.
“Class counsel find themselves trying to force square (breach of privacy) pegs into round (tort and contract) holes.”
The judge says the breach of
contract involve din the Casino Rama hack is not the fault of Casino
Rama, but rather the hacker who published the information. The
operation’s failure to prevent the hacker from publishing that
information is not sufficient in establishing the alleged torts.
Therefore naming Casino Rama as the defendant is not an appropriate
breach of contract claim.
And Then the Claim Really Fell Apart…
Where Justice Belobaba found the
proposal for class action status to “collapse in its entirety”
was within the scope of information retrieved by the hacker, in
regards to individual plaintiffs. The filing states that each
plaintiff’s private and confidential information was compromised.
However, in many cases, the information was neither private nor
confidential, amounting to nothing more than an email address.
The judge went so far as to clarify
that, had he found enough evidence and cause to certify the class
action, he would have ultimately forced multiple divisions between
the plaintiffs, based on the type of information stolen from each,
and whether it was actually published. While the plaintiffs’ attorney
filed a class action encompassing upwards of 200,000 people, those
names include anyone who received notification from Casino Rama that
their systems were compromised. In reality, only 10,900 people were
actually effected by the hacker’s actions.
As for Casino Rama’s part in the
incident, the judge could not fault the operation for its rapid
response. When the hacking was discovered, managers immediately
notified the OLG and sent out a mass, blanket email to everyone in
their database that could possibly have been impacted by the cyber
attack (the approximate 200,000 named in the lawsuit). All were
unambiguously notified of the situation and proactively advised on
how to secure their private information and accounts.
#1 Canadian-Friendly Casino
RoyalVegas.ca is our editorial pick for your specific gaming needs in 2021. Currently offering an entire suite of live dealer games, as well as a wide range of Canadian deposit options, RV truly offers a world-class gaming experience.