Station Casinos Faces Class Action Lawsuit Amid Cyberattack Disclosure

A Nevada, US woman has filed a proposed class action lawsuit against Station Casinos and its parent company following the casino operator’s recent disclosure that it was the victim of a cybersecurity attack earlier this year.

“Prime Target for Ransomware Attacks”

The lawsuit was filed Thursday in the US District Court in Nevada by Clark County resident Susan Geiner, who is seeking to represent other individuals whose information may have been affected by the breach.

Named as defendants are Station Casinos LLC, Station Holdco LLC, and the parent company Red Rock Resorts.

The legal action comes just days after Station Casinos confirmed that it had experienced a cyberattack in March. The company has since begun notifying affected customers and is offering complimentary credit monitoring and identity theft protection services.

According to the complaint, the company should have recognized the growing cyber risks facing the gaming and hospitality industries and taken stronger steps to protect sensitive customer information.

“The hospitality and gaming industries are a prime target for ransomware attacks,” the lawsuit states, using the argument that casinos hold valuable personal and financial data that can be easily exploited for identity theft and fraud.

The complaint also claims that the attackers were able to undisturbedly carry out significant activity within the casino’s systems without being spotted.

Attorneys representing the plaintiff claim the incident points to shortcomings in the company’s ability to identify and stop suspicious activity before customer information was potentially exposed.

Seeking Jury Trial

The lawsuit is looking for a jury trial and damages and other forms of relief, and also wants the company to cover the costs of notifying class members and administering any future claims process.

The case joins a constantly growing list of cybersecurity incidents affecting major gaming operators in Nevada. 

Over the past three years, several casino companies have disclosed cyberattacks, including Wynn Resorts, Boyd Gaming, MGM Resorts International, Caesars Entertainment, and OYO Hotel & Casino.

One of the most noteworthy cases is the cyberattack on MGM Resorts in 2023, which ended in a huge $45 million settlement of related class action lawsuits. 

The company had anticipated the incident would cause roughly $100 million in losses, but insurance coverage helped offset much of the financial impact.As investigations into the Station Casinos breach keep going, the lawsuit is expected to draw renewed attention to cybersecurity practices across the gaming industry, where operators hold large volumes of customer data and remain attractive targets for cybercriminals.