To Top
Industry News

Station Casinos Sued After Hackers Went Undetected for Months in Data Breach

Station Casinos faces a class-action lawsuit after a March 2026 cyberattack exposed customer and employee PII.
Cybersecurity Concept, Digital Pad Lock and Circuits Overlay Code
Photo by Shutterstock.com / AIBooth
Vanessa Phillimore Avatar
Vanessa Phillimore
3 mins read
Share Share
Copy link Share on X Share on Facebook Share on Reddit Share via Email
linkedin iconemail icon
Google Preferred Source Badge light PlayUSA

Station Casinos and its parent company, Red Rock Resorts Inc., are facing a class-action lawsuit following the disclosure of a data breach stemming from a March 2026 cyberattack.

Clark County resident Susan Geiner filed the lawsuit individually and on behalf of others similarly situated in the US District Court in Nevada, accusing the operator of failing to implement adequate cybersecurity safeguards and exposing customers and employees to identity theft.

The scope of the Station Casinos data breach

The lawsuit states the data breach occurred March 5. Station Casinos disclosed the breach May 21 in a filing with the Maine Attorney General’s Office. The company confirmed that the breach compromised personally identifiable information (PII) belonging to employees and customers.

The stolen information may include names, email addresses, physical addresses, phone numbers, dates of birth, driver’s license numbers, passport numbers, vehicle details, and credit card information.

According to Station Casinos, an outside hacker gained access to the company’s systems by compromising a single employee’s account, which was connected to company files.

Unlike the high-profile 2023 attacks on MGM Resorts International and Caesars Entertainment — which disrupted hotel keys, reservation systems, and slot machines — Station Casinos reported that its operations continued without interruption.

Lax cybersecurity measures and delayed notification

The lawsuit was filed by the Las Vegas-based Freedom Law Firm and Ahdoot & Wolfson of King of Prussia, Pennsylvania, and argues that Station Casinos should have recognized the appeal of its customer data to cybercriminals and implemented stronger safeguards.

The filing alleges that the company’s internal security systems were wholly inadequate.

“The fact that the hackers could perform these overt, noisy operations without detection strongly suggests that defendants failed to implement and maintain the necessary monitoring and alerting systems, including endpoint detection and response tools, sufficient to timely identify malicious activity,” the filing states.

The lawsuit also faults Station Casinos for its delayed notification to affected individuals. The company discovered the breach on March 5, 2026, but did not notify affected consumers until May 21, 2026 — a gap of more than 11 weeks. The plaintiffs argue the delay left victims unaware and unable to take timely protective action.

Plaintiffs seek damages, credit monitoring, and more

The lawsuit seeks a jury trial and asks for actual damages, statutory damages, equitable relief, restitution, disgorgement, and statutory costs. According to a report by the Las Vegas Review-Journal, it also seeks an order requiring Station Casinos to pay the costs involved in notifying potential class members and administering the claims process, as well as prejudgment and post-judgment interest and reasonable attorneys’ fees.

Station Casinos confirmed the breach to cybersecurity outlet Cybernews the day after customer notifications were sent, and is offering free credit monitoring and identity theft protection to impacted customers. The company also reported that it cooperated with law enforcement and the Nevada Gaming Control Board and brought in cybersecurity experts. It has not confirmed whether a ransom was demanded or paid.

A troubling pattern: Nevada casinos keep getting hacked

Station Casinos is now the fifth major Nevada casino operator to be hit by a significant cyberattack since 2023. MGM Resorts International and Caesars Entertainment were both struck in September 2023, linked to the Scattered Spider and ALPHV/BlackCat hacking groups.

Boyd Gaming suffered a breach in 2025 involving employee data theft. Wynn Resorts was hit in October 2025, with the ShinyHunters group claiming to have exfiltrated 800,000 records before Wynn confirmed the incident.

The MGM Resorts cyberattack ended in a $45 million class-action settlement, setting a notable precedent for what Station Casinos may now face. The company had anticipated the incident would cause roughly $100 million in losses, though insurance coverage helped offset much of that financial impact. 

About the Author
VIEW ALL POSTS
Vanessa Phillimore
linkedin iconemail icon

Vanessa Phillimore is an experienced online casino content writer with a passion for crafting engaging, SEO-optimized content that connects players with the excitement of online gaming. With a deep understanding of the iGaming industry — from casino reviews and game guides to industry news and responsible gambling — Vanessa combines meticulous research with a compelling writing style that keeps readers informed and entertained.

VIEW ALL POSTS
Related Stories
Burning Embers Fly Around Fire Flame on Black Background
Commercial Gaming News
Delaware North's Ember Casino Enters New Jersey — Can It Outlast Two Dozen Rivals?
Delaware North quietly retired Betly and launched Ember Casino in New Jersey — powered by Playtech, backed by IGT and Light & Wonder, and gunning for a slice of a $2.9B market.
Vanessa Phillimore June 10, 2026
Banner for PlayUSA's best social casino list in June 2026
News Sweepstakes
New Online Social Casinos for June 2026: The Best Sites Worth Joining
We rank the best new social casinos in June 2026, according to their bonuses, casino games, and perks for existing users.
Vanessa Phillimore June 09, 2026
Generation of funds from cooperation. Political lobbying.
Industry News
California's Gambling War Keeps Millions Flowing to Politicians
California's battle between tribal casinos and cardrooms has generated millions in campaign contributions while courts weigh Rob Bonta's gambling regulations.
Vanessa Phillimore June 09, 2026
Digital Icons Representing Regulatory Compliance Overlay Image Of Man in Suit
Industry News
Fertitta’s Caesars Deal Heads to New Jersey Regulators for Review
Fertitta Entertainment’s planned acquisition of Caesars Entertainment faces regulatory review in New Jersey, where Caesars operates three Atlantic City casinos.
Vanessa Phillimore June 09, 2026
Love Island Unlocked Logo In Front of Pretty Brunette Woman with FanDuel Casino Logo
Commercial Gaming News
New Love Island: Unlocked Slot Launches With Ariana Madix Ahead of Season 8
Discover Love Island: Unlocked, the latest Love Island-themed online slot featuring character selection, bonus rounds, jackpots and a Fiji giveaway.
Vanessa Phillimore June 09, 2026
Colorful Art Collage of Hand Holding Lightbulb Inside of Blue Head
News Responsible Gambling
Roundtable Discussion on the Future of Responsible Online Gambling in Pennsylvania
Pennsylvania set a fifth straight gaming revenue record in 2025, but problem gambling is surging. Here's what lawmakers are doing about it.
Vanessa Phillimore June 09, 2026
Sign up to our newsletter to get PlayUSA’s latest hands-on reviews, expert advice, and exclusive offers delivered straight to your inbox.
You are already subscribed to our newsletter. Want to update your preferences data?
Thank you for signing up! You’re all set to receive the latest reviews, expert advice, and exclusive offers straight to your inbox. Stay tuned!
View Offers
Something went wrong. Please try again later