Personally Identifiable Information (PII) of some patrons of Graton Casino and Resort has been reportedly compromised. The casino said that an employee “accidentally” included customer information, such as, addresses and social security numbers in an attachment that was sent along with an undisclosed number of emails between February and August 2017.
While calling it a “human error”, Lori Nelson, Casino spokeswoman declined to announce it a “data breach” or a “hack”. The incident came to light on September 1, but with more than a month gone, the exact number of affected customers has not been disclosed yet.
Saying that casino officials regret any inconvenience caused by the release of information, Nelson added, “We place the integrity, safety, and trust of our relationships with our guests at Graton Resort and Casino as our top priority”.
In a two-page form letter, Casino officials said that it “discovered that certain personal information was inadvertently distributed in a small number of email attachments as ‘hidden’ information that could be revealed via certain manipulation by the recipients”.
“Upon discovering the situation, we immediately ceased distribution of the information, took steps to stop further distribution of the material and took steps to ensure it does not happen again,” the notice read.
The notice further advised affected patrons to “closely monitor your financial accounts and credit reports for fraudulent transactions.”
In an attempt to cover up its blooper, the casino is providing affected customers with a free one-year subscription to a credit monitoring service.