Graton casino ‘data breach’ potentially reveals some patrons’ Social Security numbers

Full names, addresses and Social Security numbers were sent out as ‘hidden’ information in some emails, the casino said.|

An undisclosed number of patrons at Graton Resort and Casino are being notified by mail of what casino officials said was an inadvertent email distribution of personal information such as names, addresses and Social Security numbers of patrons.

One Santa Rosa resident who declined to be interviewed or identified received the “Notice of Data Breach” on Thursday. A casino spokeswoman reached Saturday clarified that the release of information was due to “human error” and therefore not technically a “data breach.”

The two-page form letter said that on Sept. 1, casino staff “discovered that certain personal information was inadvertently distributed in a small number of email attachments as ‘hidden’ information that could be revealed via certain manipulation by the recipients.”

The notice said the emails were distributed this year between February and August.

“Upon discovering the situation, we immediately ceased distribution of the information, took steps to stop further distribution of the material and took steps to ensure it does not happen again,” the notice read.

The casino outside Rohnert Park is providing affected customers with a free one-year subscription to a credit-monitoring service. The notice advises affected patrons to “closely monitor your financial accounts and credit reports for fraudulent transactions.”

Lori Nelson, a spokeswoman for Las Vegas-based Station Casinos, which operates the Graton casino, declined to specify exactly how many patrons were affected by the disclosure or say whether the “human error” stemmed from an employee or vendor mistake.

In a statement, she said only that “a number” of patrons were affected and that immediate action was taken to rectify the situation. Nelson said she could not provide more information beyond what was in the statement.

“It’s important to note this was not a data breach or a hack,” Nelson said in the statement. “It was human error that we have now taken the necessary steps to prevent from occurring again.”

Nelson said casino officials regret any inconvenience caused by the release of information.

“We place the integrity, safety and trust of our relationships with our guests at Graton Resort and Casino as our top priority,” Nelson said.

The mailed notices to patrons follow an unrelated network error Sept. 15 at the casino that crashed automatic payouts for the slot and video poker machines, requiring casino employees to hand-deliver winnings and forcing some patrons to wait at machines for up to four hours.

The network error was resolved that night, according to Nelson.

You can reach Staff Writer Martin Espinoza at 707-521-5213 or On Twitter @renofish.

UPDATED: Please read and follow our commenting policy:

  • This is a family newspaper, please use a kind and respectful tone.
  • No profanity, hate speech or personal attacks. No off-topic remarks.
  • No disinformation about current events.
  • We will remove any comments — or commenters — that do not follow this commenting policy.