Computer security experts say confidential employee information hacked from a computer in an office at the Calgary-area casino is the tip of a much bigger problem.
Someone gained access to a computer in the human resources department and downloaded confidential letters and files with the names and personal information of over a dozen employees and then posted the documents on the Internet, Global News learned Wednesday.
The casino manager told Global News it’s suspected an employee may have clicked on a bad link in an email or logged onto a website to allow the access.
IT security expert Carl Fransen with CTech IT Support Services says the potential from that kind of breach is unlimited.
“The question is: what can’t they access? And that’s only limited to the person’s current access rights under that system. Once they’re in your system, it’s very hard for them to be taken out.”
Casino manager Martin Brickstock said the breach was isolated to the one computer, but Fransen said it reinforces the need to train employees, have layers of security and review procedures regularly.
“Everyone right here has at least been scanned, been probed or at least been approached by some method that can at least compromise them,” Fransen said.
Watch below from Jan 25: The Grey Eagle Resort and Casino is dealing with a privacy breach, after personal information belonging to employees was posted online. Tony Tighe reports.
All security breaches involving private information must be reported to the Alberta Privacy Commissioner.
Last year, the office received nearly 300 reports.
Commissioner Jill Clayton said how an organization responds to a hack is just as important as having safeguards in place.
“Think about it ahead of time: who needs to be involved? Who do you need to report it to? When it does happen, sometimes you have to bring everybody together very quickly, come up with a plan very quickly, do an assessment and see if you have to notify affected individuals,” Clayton said.
Grey Eagle said all the people named in the stolen documents were contacted and a forensic cyber team is reviewing security.
The casino said they have not received a ransom demand and don’t believe any other information will be released.