FB pixel

Slot machine chain exposes customer biometrics in data breach

Slot machine chain exposes customer biometrics in data breach
 

Slot machine parlor chain Dotty’s owner Nevada Restaurant Services (NRS) has disclosed a privacy breach that exposed customers’ biometrics and other personally identifiable information (PII).

NRS did not specify how many individuals had their PII exposed, but the company confirmed the breached data included Social Security numbers, driver’s license numbers or state ID numbers, and passport numbers.

Also, financial account and routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer-identification numbers, and credit card numbers and their expiration dates were included in the breach.

While payment card and age-related data is likely necessary for the compliant operation of the slot machines, the inclusion of medical records raises questions about the necessity of storing all of the breached data.

According to a ‘Notice of Data Privacy Event’ report posted by NRS on September 3, the breach occurred in January this year.

Following an investigation by NRS, the company determined it had been the victim of a cyber-attack and that an unauthorized actor was “able to copy certain information from the system on or before January 16, 2021.”

Customers potentially affected by the breach have been contacted by NRS via notice letters, with the company setting up a phone number for individuals who did not provide their mailing addresses or receive a notice letter.

NRS also offered free identity protection services to customers protected by the breach, but at the same time clarified that using a credit freeze to take control over who gets access to the personal and financial information in the credit report may interfere with the approval of loans, credit, mortgage, or any other account involving the extension of credit.

Moving forward, NRS confirmed it has “security measures in place to protect its systems and the information in its possession” and “has worked to add further technical safeguards to its environment.”

The specific type of biometric data included in the breach is not specified in the notification, and a link to the company’s privacy policy is not provided on Dotty’s homepage.

States such as South Carolina have been updating data protection laws to include more stringent notification requirements and deal specifically with biometric data.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events