New York’s Statewide Gaming Platform Suffers Security Breach

    Cyberattack
    Article by : Erik Gibbs Oct 23, 2023

    The New York Gaming Commission (NYGC) has reported a cybersecurity incident that led to the temporary closure or disruption of several state casinos operating video lottery terminals (VLTs).

    These machines, resembling Las Vegas-style slot machines, are connected and determine winning or losing spins based on lottery simulations. The timing of these wins depends on the overall network operation across the nine VLT properties.

    The VLT system in New York is managed by Everi Holdings on behalf of the NYGC. State gaming authorities have attributed the network disruption to a cyberattack against Everi, which occurred on Tuesday, October 17, 2023.

    According to Brad Maione, a spokesperson for the NYGC, “Everi, the licensed operator of New York’s video lottery gaming central system, experienced a cybersecurity event that remains under investigation.”

    Among the impacted establishments, Jake’s 58 on Long Island was the most severely affected. The Islandia casino closed its gaming floor and over 1,000 VLT machines on the morning of Tuesday, October 17. Gaming operations at the casino only resumed yesterday.

    Jake’s 58 is owned and operated by the Suffolk Regional Off-Track Betting Corporation (Suffolk OTB). The company is currently undertaking a $200-million expansion project for the casino, doubling the number of gaming positions to 2,000 seats.

    The expansion also includes the addition of several new restaurants and bars, a parking garage, and a sound barrier to reduce noise levels in the adjacent neighborhood.

    The NYGC has stated that no evidence suggests any customer information was compromised during the recent cybersecurity incident.

    The state has refrained from disclosing specific details about the event, such as the potential involvement of a criminal hacking group or whether a ransom demand was made. However, sources have asserted the attack took place and that the NYGC refused to pay a ransom.

    The gaming industry remains vigilant in the wake of recent cyberattacks on MGM Resorts and Caesars Entertainment. A multinational hacking group named Scattered Spider claimed responsibility for these attacks, alleging the theft of approximately six terabytes of data, equivalent to around 39 million document pages.

    The investigation into the incident is ongoing. Everi Holdings, the company responsible for managing the VLT system, has not issued a statement regarding the cybersecurity event.

    However, given its status as a publicly traded company in the US, securities regulations require disclosure if a ransom was paid.

    Numerous players at VLT casinos throughout the state are seeking answers about the incident and whether they should take measures to safeguard their personal information.

    Earl Gray, a local resident, suggested that the authorities should inform the public about the issue, stating that it’s a public place and people deserve to know what’s going on.

    Carole D’Amato, who resides in Shirley, expressed her concern, noting that the extended closure suggests a significant problem.