Casino Rama Avoids Class Action Lawsuit
Casino Rama, the largest and busiest First Nations casino location in Canada, received some good news this week. The Ontario Superior Court of Justice has refused to certify a case against the property as a class action lawsuit.
Casino Rama Lawsuit
The property is located in Rama, Ontario, on the reserve land of the Chippewas of Rama First Nation. The tribe jointly owns the casino, hotel, and entertainment facility with the Ontario Lottery and Gaming Corporation (OLC). Meanwhile, Gateway Casinos operates the venue. Casino Rama first opened in 1996 and underwent a massive renovation in 2013.
The Casino Rama lawsuit stemmed from a cyber attack that happened in November 2016. That’s when a hacker stole the personal and financial information from as many as 200,000 customers in the Casino Rama database.
Two people, Leonid Kaplan and Cheryl Jane Mizzi, joined to sue Casino Rama Services, CHC Casinos Canada, Penn National Gaming, and the OLC on several grounds. The list of grievances include negligence and breaches of contract and confidence.
But on May 7, 2019, the high court found that a class action lawsuit was not in order.
When It All Began
In November 2016, Casino Rama announced that it had fallen prey to a cyberattack. The hacker had access to personal and financial information of customers, employees, and vendors.
And when the hacker contacted the company to demand a ransom, Casino Rama refused to pay. The hacker subsequently posted the stolen data somewhere on the internet.
Casino Rama immediately notified law enforcement and the gaming regulator. It fully cooperated with all investigations and played a significant role in helping to remove the stolen data from the internet.
All potentially affected people were informed about the incident. They were also offered free credit monitoring services to be aware of any potential use of their personal information obtained during the cyberattack.
The Basis for a Lawsuit against Casino Rama
The final report stemming from the investigation noted that Casino Rama’s security levels did not meet the mandatory requirements. Furthermore, property management was unable to provide accurate information about the number of people affected.
This led to the lawsuit, in which the two original plaintiffs claimed that the casino was negligent and irresponsible. They sued for $60 million in compensation due to the public broadcasting of their private information and the negative effect it had on their lives. The allegations included negligence, breaches of contract and confidence, intrusion upon seclusion, and publicity given to private life.
However, at the certification hearing, the plaintiffs were unable to show any proof that they had experienced any type of real-life identity theft of financial loss, no fraud or other negative consequences from the cyberattack. They also failed to prove any serious or prolonged psychological harm.
Even so, the attorneys continue to push and sought permission from the court to file a class action lawsuit on behalf of many of the people affected by the attack.
No Basis for a Class Action Lawsuit
The Ontario Superior Court of Justice made its ruling on May 7. It came in the form of a dismissal of the motion requesting class action status.
Justice Belobaba said; “The fact that there are no provable losses and that the primary culprit, the hacker, is not sued as a defendant makes for a very convoluted class action. Class counsel find themselves trying to force square (breach of privacy) pegs into round (tort and contract) holes.”
The plaintiffs’ claims of breach of confidence and publicity of private information was denied because the hacker stole and published the information, not the land-based casino. The hacker invaded their privacy.
Belobaba concluded that the case’s primary claims had collapsed in their entirety. Most of the information stolen was private but not sensitive, such as email addresses. Further, the casino broke no contractual terms with regards personal information protection.
Each plaintiff’s case would have to be judged individually with regard to harm or humiliation caused by the cyberattack. In addition, they would have to prove that the casino is liable. Therefore, the case could not receive class action status.
Most analysts say this is the end of the case, as the class action is no longer an option. There is no word yet if the plaintiffs were considering further legal action.