Skip to content
Casino

Station Casinos Discloses Data Breach Exposing Names, Social Security Numbers, and Financial Data

A March 2026 cyberattack at Station Casinos exposed some of the most sensitive personal data possible — and the company waited over two months to start notifying customers.

By Andrew Elmquist Updated May 26, 2026
Station Casinos

Station Casinos LLC has disclosed a data breach that occurred on March 5, 2026, with the Las Vegas-based hotel and casino company beginning to notify affected customers on May 21 after filing a disclosure with the Maine Attorney General. The breach exposed names and potentially a broader range of sensitive personal and financial information, including Social Security numbers, financial account numbers, dates of birth, driver’s license numbers, email addresses, phone numbers, and payment card information. The company said it discovered the unauthorized access on the same date it occurred but did not begin the formal notification process for affected individuals until more than two months later.

Station Casinos operates multiple major hotel and casino properties in the Las Vegas area, including Red Rock Casino, Green Valley Ranch, and Palms Casino Resort. Customers who have stayed at or transacted with these properties may be among those affected by the breach. The combination of data types potentially exposed — Social Security numbers, driver’s license numbers, and financial account details — places this incident in a serious category because that information is frequently sought by identity thieves for fraud, fraudulent account opening, and false tax filings.

What Was Exposed and What It Means

Station Casinos confirmed that names were definitively compromised in the breach, while categorizing additional personal data types as potentially exposed. The distinction between confirmed and potential exposure is common in breach disclosures and reflects the limits of forensic investigation, but it does not reduce the risk for individuals whose data may have been accessed. Social Security numbers paired with birthdates and driver’s license information represent a complete identity profile that bad actors can use for years after an initial breach.

The disclosure of payment card information as a potentially exposed category is particularly relevant for casino customers, who frequently use credit and debit cards for hotel stays, dining, and entertainment transactions in addition to any gambling activity. Station Casinos’ properties serve both tourists and Las Vegas-area locals, broadening the pool of individuals who may be affected beyond any single visitor profile.

Gaming Industry Cybersecurity Continues to Face Scrutiny

The Station Casinos breach is the latest in a string of significant cybersecurity incidents affecting the gaming industry. In 2023, MGM Resorts and Caesars Entertainment both suffered major ransomware attacks that collectively cost hundreds of millions of dollars in operational disruptions and regulatory penalties. Those incidents brought intense scrutiny to the cybersecurity practices of casino operators, and Nevada gaming regulators have been increasing oversight of data security standards across the state’s gaming industry since then.

The Nevada Gaming Control Board has broad authority to examine the information security practices of licensed casino operators, and a breach of this scope at a major Las Vegas company will likely attract regulatory attention. Nevada has also recently implemented new anti-money laundering compliance requirements that carry data governance implications, adding to the compliance environment operators must navigate.

What Affected Customers Should Do

Individuals who receive notification letters from Station Casinos should take standard breach response steps. Placing a credit freeze with the three major credit bureaus — Equifax, Experian, and TransUnion — prevents new accounts from being opened in your name. Monitoring credit reports for unauthorized activity and reviewing financial account statements for suspicious transactions are also essential steps. Because Social Security numbers and driver’s license data are among the potentially exposed categories, affected individuals should also review their state DMV account records and check their tax filing history for signs of identity misuse. Station Casinos is expected to provide details about any credit monitoring or identity protection services it plans to offer as part of its breach notification process.

Free · Weekly

The smartest 5 minutes in betting

Get the week's best offers, line moves, and data-driven picks — straight to your inbox. No spam, unsubscribe anytime.

Join 240,000+ subscribers. 21+ only.