Biometric Information Exposed in Slot Machine Operator Data Breach

The owner of a popular slot machine chain has suffered an extensive data breach in which biometric data has been exposed.

As ZDNet reports, the chain, Dotty’s, has 200 locations across Illinois, Montana, Nevada, and Oregon, and operates an additional assortment of hotels and bars, as well as La Villita Casino. Officially operating under the name Nevada Restaurant Services (NRS), it’s a large organization, with a workforce of about 600 employees.

Now, NRS has revealed that a discovery of malware on its IT systems in January led to the realization that it had been the target of a cyberattack and data breach. The company has not disclosed the full extent of the data breach, but indicated in a statement that various kinds of customer personal identity information (PII) were exposed, including Social Insurance Numbers, state ID and driver’s license data, financial data, health insurance data, credit card information, and biometric data.

The incident offers another example of the perils of storing sensitive customer information, including biometric data, in improperly managed centralized databases, and of the escalating problem of data breaches more broadly, with even the Department of Homeland Security having seen biometric information exposed in a high-profile data breach incident in 2019.

“What business does a slot machine chain named Dotty’s have managing biometrics and PII? This incident is precisely why companies like Nevada Restaurant Services should never be storing or managing customers’ biometric data,” Acuity Market Intelligence principal Maxine Most told FindBiometrics. “It further underlines the serious need for third party Biometric Identity-as-a-Services providers.”

Most participated in the FindBiometrics Enterprise Biometrics Summit last week, wherein she and other industry experts like FaceTec’s Jay Meier, NIST’s Naomi Lefkovitz, and IDEMIA’s Tarvinder Sembhi spoke on the best practices for biometrics, privacy, and identity data management. As the event demonstrated, a growing contingent of experts is emerging within the biometrics and identity industry who assert incidents like the Dotty’s breach can be avoided by interfacing with secured systems of record, like the DMV, rather than entrusting large honeypots of PII and biometric data for companies to manage themselves.

NRS has not disclosed what type of biometric data has been exposed, nor what biometric technology is used within its facilities. But it may be worth noting that a growing number of casino operators have turned to facial recognition to identify banned individuals and to help curb gambling addiction.

In any case, NRS says that it is working to mail out notices to individuals known to be affected by the data breach, and that it “has worked to add further technical safeguards to its environment,” according to a statement from the company.

Related News

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases.

Learn more: www.tech5.ai

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

HID powers the trusted identities of the world’s people, places and things. Our trusted identity solutions give people convenient and secure access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people use HID products to navigate their everyday lives, and billions of things are connected through HID technology. https://www.hidglobal.com/

As the world moves to a mobile-first economy, businesses need to modernize how they acquire, engage with, and enable consumers. Prove’s phone-centric identity tokenization and passive cryptographic authentication solutions reduce friction, enhance security and privacy across all digital channels, and accelerate revenues while reducing operating expenses and fraud losses. Over 1,000 enterprise customers use Prove’s platform to process 20 billion customer requests annually across industries including banking, lending, healthcare, gaming, crypto, e-commerce, marketplaces, and payments. https://www.prove.com/

Related News

Footer

Follow Us