Ransomware gang claims data breach at Philadelphia casino, SSNs and bank account info leaked

Ransomware gang Cicada3301 yesterday claimed responsibility for a November 2024 data breach at Rivers Casino Philadelphia.

The casino sent data breach notices to victims at the end of December 2024 that stated names, Social Security numbers, and bank account info used for direct deposits were compromised. The casino has not publicly disclosed how many people it notified.

Cicada3301 says it stole 2.56 TB of data from Rivers Casino Philadelphia and its developer, Rush Street Gaming. It’s demanding the casino pay an undisclosed amount in ransom by February 15, 2025. To prove its claim, the group posted a sample of documents, which it says were stolen from the casino, on Cicada’s data leak website.

Rivers Casino acknowledged the breach but has not verified Cicada3301’s claim. We do not yet know if the casino did or will pay a ransom, or how attackers breached its network. Comparitech contacted Rivers Casino and Rush Street Gaming for comment and will update this article if they respond.

“We recently responded to and investigated an incident that involved unauthorized access to certain Rivers Casino Philadelphia computer systems. No other Rivers Casino locations were involved,” says the casino’s notice (PDF) to victims. “Through the investigation, we determined that an unauthorized actor accessed and/or took certain files stored on our computer servers.”

ABC6 Action News reported Philadelphia residents joined a class-action lawsuit seeking damages from Rivers Casino.

Rivers Casino is offering eligible victims one year of identity theft protection via Experian.

Who is Cicada3301?

Cicada3301 is a ransomware group named after a series of viral puzzles posted on the internet between 2012 and 2014, but is not affiliated with the puzzles or their creators.

Cicada both steals data and encrypts computer systems, forcing its targets to pay both for a key to decrypt their systems and for not selling or publicly releasing stolen data.

Cicada started posting targets to its leak site in June 2024 and since claimed responsibility for eight confirmed attacks. It claimed another 43 unconfirmed attacks that weren’t publicly acknowledged by the targeted organizations.

In August 2024, Cicada claimed another attack on UFCW Local 135, a San Diego labor union that issued data breach notices to 62,692 people.

Ransomware attacks in the US

Ransomware attacks can force an organization to shut down any affected systems including websites, communications, payments, and data storage. If the targeted organization doesn’t pay a ransom, then they face extended downtime, data loss, and putting users at increased risk of fraud.

Comparitech researchers logged 650 confirmed ransomware attacks in the US in 2024, compromising 258.3 million records. The average ransom is $2.6 million.

In 2025 so far, we’ve recorded six confirmed attacks:

• Laramie County Library
• Town of West Haven, CT
• Frederick Health
• New York Blood Center Enterprises
• Addison Northwest School District
• University of Oklahoma

We’re tracking another 311 unconfirmed ransomware claims made this year that have not yet been acknowledged by targeted organizations.

About Rivers Casino Philadelphia and Rush Street Gaming

Rush Street Gaming is a Chicago-based Casino developer. It owns six Casinos in Philadelphia, Pittsburgh, Portsmouth, New York, and Chicago. It was founded in 2009 and employs more than 5,000 people, according to its LinkedIn profile.

Rivers Casino Philadelphia, formerly SugarHouse Casino, opened in 2010. It was the first casino in Pennsylvania to offer online sports betting via BetRivers.com.