Update – 09/09: Riverside has confirmed the total figure for this breach as 55,155.
Don Laughlin’s Riverside Resort Hotel and Casino in Nevada yesterday confirmed it notified an undisclosed number of people about a July 2024 data breach that compromised names and Social Security numbers, among other data.
Ransomware group Lynx claimed responsibility for the attack on its leak site.
Although the full figure hasn’t been disclosed, government breach reporting sites say 1,359 Texas residents and 20 Massachusetts residents were notified. The notice does not specify whether the data belonged to guests, employees, or a mix of both.
The notice (PDF), dated September 5, 2024, states, “On July 25, 2024, Riverside learned of suspicious activity in its environment. Upon discovery, Riverside immediately engaged forensic specialists in cybersecurity and data privacy to investigate further. Through this investigation, Riverside determined that an unauthorized third party potentially accessed and acquired certain files during this incident.”
Riverside has not verified Lynx’s claim. We do not yet know whether Riverside paid a ransom, how much Lynx demanded, or how attackers breached Riverside’s network. Comparitech contacted Riverside for comment and will update this article if it responds.
Riverside is offering victims 12 months of free credit monitoring via Cyberscout. The enrollment deadline is 90 days from receipt of the notice letter.
Who is Lynx?
Lynx is a new ransomware gang that has claimed responsibility for 21 attacks in 2024, according to our data. However, this attack on Riverside was the first one acknowledged by a targeted organization.
Lynx’s attacks span a wide range of industries, and mostly target US organizations.
About Riverside Resort Hotel and Casino
Located in Laughlin, Nevada, Don Laughlin’s Riverside Resort Hotel and Casino first opened in 1966. It consists of 1,405 hotel rooms, almost 90,000 square feet of gaming space, several restaurants, and 740 spaces for RVs.