Tag Archive for: Nevada

Hackers obtain personal data from 200K+ in southern Nevada casino data breach, class-action lawsuit says

/in


Class-action lawsuit filed after 2022 data breach

LAS VEGAS (KLAS) — A class-action lawsuit filed Wednesday alleges a southern Nevada casino’s computer systems were left vulnerable to a cyberattack, leaving the personal information of more than 200,000 customers and employees exposed, court documents said.

A hacker was able to access the sensitive information involving Rancho Mesquite Casino over several days in November 2022, documents said. Information accessed included full names and Social Security numbers.

The company operates the Rising Star Sports Ranch Resort in Mesquite, the Eureka Casino in Las Vegas and The Brook in Seabrook, New Hampshire, its website said. Two of the company’s properties were affected, documents said.

The class action, filed in Las Vegas court, alleges the company failed to provide “to provide timely and adequate notice” about the breach. The originating plaintiff is a California resident who said his computer was part of a ransomware attack, documents said.

A document in the filing, provided by authorities in Maine, said the company mailed notices of the breach in December 2022. The company was offered a dedicated phone line and one year of credit monitoring.

“On November 9, 2022, Eureka experienced a cybersecurity incident during which some of our systems were encrypted by an unauthorized actor,” a letter sent to those affected by the breach and included in the filing said. “Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist. Although the investigation is ongoing, we identified certain data that the unauthorized actor accessed during the incident. We began a review of the data and identified that the data included some of your information. Specifically, the data included your name and Social Security number.”

The lawsuit alleges the company failed to encrypt the sensitive information.

“Simply put, plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in…

Source…

‘Nevada Group’ hackers target thousands of computer networks

/in


A mysterious and unidentified group of hackers have sought to paralyse the computer networks of almost 5,000 victims across the US and Europe, in one of the most widespread ransomware attacks on record.

The hacking unit, initially nicknamed the Nevada Group by security researchers, began a series of attacks that started around three weeks ago by exploiting an easily fixed vulnerability in a piece of code that is ubiquitous in cloud servers.

The Financial Times contacted several victims identified from the publicly available information. Most declined to comment, saying they had been asked by law enforcement to do so. They include universities in the US and Hungary, shipping and construction firms in Italy and manufacturers in Germany.

Authorities have yet to identify the perpetrators, guessing only from their recruiting announcements on the web that it is a mix of Russian and Chinese hackers.

The hackers have demanded a surprisingly small ransom to release their hold over computer networks — as little as two bitcoins (around $50,000) in some cases, according to copies of their ransomware notes that were briefly visible. By contrast, a rival gang demanded $80mn from the UK’s Royal Mail in another recent and high-profile attack.

This ease with which this new group has fanned across vast swaths of the west’s internet infrastructure underlines the nature of much of the ransomware threatening businesses around the world. Most of the attacks are relatively simple, yield small sums and often go unnoticed.

In a scene that features rival, and often feuding, ransomware gangs, this unknown newcomer is “a solid new threat in our landscape in the near future”, said Shmuel Gihon, at Israeli cyber security firm CyberInt.

He warned that the simplicity and breadth of the attack could spawn copycats. “The scale of this campaign is one of the biggest we have seen, (and since it is ongoing), the real problem is that veteran groups see the potential damage they can do.”

The ransomware campaign is now referred to as the ESXiArgs, after the loophole it exploits — though there is some confusion as to whether it and the Nevada Group are the same or copying off each other.

In February…

Source…

Nevada Attorney General wants cyber savvy parents – News3LV

/in



Nevada Attorney General wants cyber savvy parents  News3LV

Source…

No evidence Nevada systems compromised by attack on Solar Winds software

/in


Gov. Steve Sisolak says experts have found no evidence any Nevada computer systems or websites have been compromised by the attack on Solar Winds Orion.

He said the state is continuing to work with the federal government and private industry to ensure the systems issuing Solar Winds are safe.

“However, this is still a rapidly evolving investigation and as the state learns more, the status may change,” according to a statement issued Tuesday. “It would take a substantial amount of time to have a complete picture of the effects of the attack.”

Alan Cunningham, Nevada’s chief information officer, said the state uses Solar Winds software in a number of agencies. Those systems have been off line since Dec. 14 when the attack was announced. They will be put back online in accordance with federal cyber-security guidance.

He said officials also want to notify the public so that they can protect themselves from attacks.

He said that includes keeping security software up to date to protect against viruses, malware and other online threats. He said people should use strong passwords and don’t use the same password for everything, especially sensitive accounts like banking and utilities.

In addition, he warned not to use the same passwords for those accounts as on social media.

If a government or business site you do business with is hacked, change your password immediately, monitor your bank accounts and be alert for scams.

Source…