Popular slot machine chain Dotty's reveals data breach exposing SSNs, financial account numbers, biometric data, medical records and more

The breach involved customer driver's license numbers, passport numbers, financial account and routing numbers, taxpayer identification numbers and credit card numbers, as well as expiration dates.

Nevada Restaurant Services (NRS), the owner of the popular slot machine parlor chain Dotty's, has disclosed a data breach that exposed a significant amount of personal and financial information. 

In a statement, the company confirmed that "certain customers" were affected by the breach and explained that the information includes Social Security numbers, driver's license numbers or state ID numbers, passport numbers, financial account and routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers and credit card numbers and expiration dates.

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

The Las Vegas-based company has about 600 employees, annual revenue of more than $70 million, and operates about 200 locations across Nevada, Oregon, Montana, and Illinois. They also operate Red Dragon taverns and hotels, Laughlin River Lodge, Bourbon Street Sports Bars, La Villita Casino and Hoover Dam Lodge.

"In January 2021, NRS identified the presence of malware on certain computer systems in its environment. NRS immediately commenced an investigation to determine the full nature and scope of the incident and to secure its network," the company said in a statement. 

"Through this investigation, NRS determined that it was the target of a cyber-attack and that, in connection with the cyber event, an unauthorized actor was able to copy certain information from the system on or before January 16, 2021."

The company added that the information leaked for each person was not the same. They plan to send out notification letters to victims of the incident but noted that they will only mail the letters if they have "valid mailing addresses."

An assistance line at (833) 909-3914 has been created for those who may wonder if they were affected by the breach but did not receive a letter. 

Vital Vegas reported in July that Dotty's has about 300,000 customers in its player database.

NRS confirmed that after the attack, they took steps to increase security and put in place "technical safeguards to its environment." They will be providing free identity protection services as is customary in situations like this. 

But the company urged victims of the breach to "remain vigilant against incidents of identity theft and fraud" while also using their one free credit report check allowed each year. They listed other suggestions for victims, like putting fraud alerts on their file and placing credit freezes on accounts. 

"However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit," the company added.