Canadian casinos are not having the greatest week, dealing with allegations of money laundering and the unauthorized public release of private customer data.
On Tuesday, British Columbia authorities announced the arrest of nine suspects in a widespread criminal enterprise that allegedly laundered millions of dollars through local casinos. Police have yet to indicate which casinos are involved but did say that none of the arrested suspects are casino employees.
The criminal gang, which reportedly has links to mainland China and other countries, stands accused of everything from money laundering to extortion to loan sharking to operating its own illegal gambling operations. The arrests followed a lengthy investigation that began in May 2016.
BC Gaming Industry Association exec director Peter Goudron expressed surprise at the scale of the money laundering allegations, telling the Vancouver Sun that “given the robust [anti-money laundering] procedures in place at BC casinos we are unaware how this could have taken place.”
Goudron’s befuddlement is curious, given that the British Columbia Lottery Corporation (BCLC) has been repeatedly criticized for taking a Mr. Magoo approach to observing its AML responsibilities, a somewhat standard reaction whenever a state-run entity is tasked with both operating and regulating gambling services.
Ironically, the investigation that resulted in Tuesday’s arrests was started just one month after the BC government announced the formation of a Joint Illegal Gaming Investigation Team to replace the enforcement agency the BC government shut down in 2009 to save a whole C$1m in annual costs (a pittance, given BCLC earned profits of C$1.31b in its most recent fiscal year).
The timing of Tuesday’s bust is awkward, given that BCLC’s corporate security & compliance division is scheduled to give an “improvisational comedy” routine at next week’s Canadian Gaming Summit to “change the perception of their role” in BC’s gaming industry.
CASINO CUSTOMER DATA LEAKED ONLINE
Across the border in Alberta, the Cowboys Casino in Calgary has warned its customers that unknown hackers have leaked their personal information online, and more is expected to hit the digital airwaves in the coming weeks.
Cowboys reported its internal servers being hacked in June 2016, leading to the digital theft of personal data – including the gambling habits of the casino’s “elite members” – belonging to 14,294 customers and staff.
At the time, the casino’s management alerted customers and the provincial privacy commissioner regarding the intrusion, but warned that it was powerless to stop the thieves from making the information public.
This week, a tranche of this data was posted to the Pastebin data-sharing service, along with a note accusing Cowboys Casino’s digital security of being “non-existent.” The author(s) of the note claimed to have warned the casino of their lax security ahead of the heist but this warning “was ignored for over a year.” The note said more data would be released in three subsequent batches unless the casino fixed its “security holes.”
Cowboys isn’t the only Canadian casino to have been targeted in this fashion. Last year also saw Ontario’s Casino Rama fall victim to a similar heist-and-post scheme. That case also featured hackers claiming to be acting in good faith to expose the lax security at gaming venues.