Graton casino ‘data breach’ potentially reveals some patrons’ Social Security numbers

The "Follow This Story" feature will notify you when any articles related to this story are posted.

When you follow a story, the next time a related article is published — it could be days, weeks or months — you'll receive an email informing you of the update.

If you no longer want to follow a story, click the "Unfollow" link on that story. There's also an "Unfollow" link in every email notification we send you.

This tool is available only to subscribers; please make sure you're logged in if you want to follow a story.

Please note: This feature is available only to subscribers; make sure you're logged in if you want to follow a story.


An undisclosed number of patrons at Graton Resort and Casino are being notified by mail of what casino officials said was an inadvertent email distribution of personal information such as names, addresses and Social Security numbers of patrons.

One Santa Rosa resident who declined to be interviewed or identified received the “Notice of Data Breach” on Thursday. A casino spokeswoman reached Saturday clarified that the release of information was due to “human error” and therefore not technically a “data breach.”

The two-page form letter said that on Sept. 1, casino staff “discovered that certain personal information was inadvertently distributed in a small number of email attachments as ‘hidden’ information that could be revealed via certain manipulation by the recipients.”

The notice said the emails were distributed this year between February and August.

“Upon discovering the situation, we immediately ceased distribution of the information, took steps to stop further distribution of the material and took steps to ensure it does not happen again,” the notice read.

The casino outside Rohnert Park is providing affected customers with a free one-year subscription to a credit monitoring service. The notice advises affected patrons to “closely monitor your financial accounts and credit reports for fraudulent transactions.”

Lori Nelson, a spokeswoman for Las Vegas-based Station Casinos, which operates the Graton casino, declined to specify exactly how many patrons were affected by the disclosure or say whether the “human error” stemmed from an employee or vendor mistake.

In a statement, she said only that “a number” of patrons were affected and that immediate action was taken to rectify the situation. Nelson said she could not provide more information beyond what was in the statement.

“It’s important to note this was not a data breach or a hack,” Nelson said in the statement. “It was human error that we have now taken the necessary steps to prevent from occurring again.”

Nelson said casino officials regret any inconvenience caused by the release of information.

“We place the integrity, safety and trust of our relationships with our guests at Graton Resort and Casino as our top priority,” Nelson said.

The mailed notices to patrons follow an unrelated network error Sept. 15 at the casino that crashed automatic payouts for the slot and video poker machines, requiring casino employees to hand-deliver winnings and forcing some patrons to wait at machines for up to four hours.

The network error was resolved that night, according to Nelson.

You can reach Staff Writer Martin Espinoza at 707-521-5213 or On Twitter @renofish.

Editor’s note: An earlier version of this story misspelled the first name of the spokeswoman for Station Casinos. It also mischaracterized her explanation that she could not provide more than what was disclosed by the casino in its written statement.

Show Comment

Our Network

Sonoma Index-Tribune
Petaluma Argus Courier
North Bay Business Journal
Sonoma Magazine
Bite Club Eats
La Prensa Sonoma
Emerald Report
Spirited Magazine