The Graton Casino PII Mistake Shows The Accidental Side Of Insider Threat

intelligentID | October 9, 2017

Patrons of The Graton Casino and Resort lost more than just their money, as some (PII) was compromised.

Patrons of The Graton Casino and Resort lost more than just their money, as some PII was compromised.

The Graton Casino and Resort in Rohnert Park, California made headlines this week when their patrons lost more than just their money, as some personally identifiable information (PII) was compromised.

The casino is citing human error for the mistake, and the casino’s spokeswoman declined to announce it a “data breach” or a “hack.” The mistake involved a company employee accidentally including customer information – such as addresses and Social Security numbers – in an attachment that was sent along with an undisclosed number emails between February and August 2017. The problem was just discovered last month on September 1, and the casino would not reveal how many people are potentially affected.

Casino officials stated that they discovered that certain personal information was inadvertently distributed in a small number of email attachments as ‘hidden’ information, but it could be revealed with certain manipulation by the recipients.

The Intelligent ID Solution

At Intelligent ID, we see that many people don’t understand the accidental side of insider threat, or how something like this could have happened mistakenly. While mistakes happen to everyone, accidents including customer’s PII and Social Security numbers is a huge issue for everyone involved. The employee was unaware that ‘hidden’ information could be manipulated to be seen by those who received the emails and therefore put the casino patrons at risk.

Intelligent ID recognizes each step in such an insider threat and includes multiple functionalities to address them all. In this situation, we would have scanned that email attachment, identified the PII immediately and, depending on the policy, either notified an administrator or blocked the email so the PII could not be accessed. While the casino sent an undisclosed number of emails containing PII over the span of 6 months, Intelligent ID would have caught the problem before the first email was ever sent.

Intelligent ID protects your organization against insider threat by monitoring file and user activity across multiple channels and alerting administrators to abnormal or risky behavior on your endpoints. Our team has researched hundreds of real-world insider threat incidents to produce a robust feature set geared toward protecting your organization’s employees, data, and resources.

Intelligent ID recognizes each step in a such an Insider Threat and includes multiple functionalities to address them all.

Intelligent ID is endpoint-based user monitoring and analytics software that secures organizations’ business assets by continuously monitoring and alerting management to suspect events taking place anywhere an endpoint may travel. This includes data loss or theft activity, compliance infractions, workplace liability issues, inefficient use of time and resources, infrastructure concerns, insecure file access, and more. For further information, visit us at or contact us at

Additional Resources