Star punters’ details exposed in massive legal hack as identity data is leaked on the dark web – but casino kept quiet for a YEAR after they were alerted

Some Star Casino gamblers have had their private details exposed in a major data breach, with millions of documents stolen from Australia’s largest law firm by Russian hackers.

The Star Entertainment Group, which runs The Star casinos in NSW and Queensland, has told some of its customers that their data was compromised during a cyber attack on HWL Ebsworth Lawyers that took place in April last year.

Much of the private information, including banking details, passports and physical addresses, ended up on the dark web for three weeks before the law firm issued an order to have it removed.

It is unclear why the casino took almost 12 months to warn its customers.

Some of the information, including bank details, passports and physical addresses, ended up on the dark web for three weeks before the law firm issued an order to have the information removed.

A spokesperson for HWL Ebsworth Lawyers said analyzing the stolen data was a ‘detailed and complex challenge’.

One irate gambler was told his passport, driver’s license, tax number and birth certificate may have been exposed in the hack.

The casino informed the customer that HWL Ebsworth Lawyers would reimburse him for the costs of replacing his driver’s license or passport.

“The latest fiasco for Star Casino – offering to cover the cost of a replacement license and passport is not enough… hopefully there will be another class action against the Star that I can join,” he told Daily Mail Australia.

In a statement, The Star revealed the vast and alarming list of personal information at risk.

These include physical addresses, phone numbers, employment information, physical signatures, credit card information, Medicare card scans, medical information, and banking information.

An irate gambler was told his passport, driver’s license, tax number and birth certificate may have been exposed by the hack (pictured)

“The latest fiasco for Star Casino – offering to cover the cost of a replacement license and passport is not enough… hopefully there will be another class action against the Star that I can join,” the gambler told Daily Mail Australia

“HWLE and The Star recognize that it has taken some time for this notice to be issued since the discovery of the incident,” the statement said.

‘This is because a very large amount of data was extracted, but the extent of the impact on personal information was not immediately clear to HWLE.

‘A complex and extensive manual review was required to assess what personal information was involved and to identify the individuals involved.’

The hack was blamed on a Russian group called ALPHV, also known as BlackCat, which stole 2.5 million documents from HWL Ebsworth customers last year.

HWL Ebsworth refused to pay a $7.1 million ransom and successfully secured an injunction from the NSW Supreme Court in June last year to prevent the publication of details on the dark web.

The legal partnership called the ban ‘extremely successful’.

“Without the order, anyone with access to the dark web would not have had any legal restrictions on access to the published portion of the exfiltrated data during the short period it was accessible,” HWL Ebsworth said in a statement.

“Our approach has limited the potential for misuse of the exfiltrated data, while still ensuring that affected individuals are notified of their sensitive data affected in this incident.”

It is the latest in a series of setbacks for the controversial Star Casino.

The company is currently facing a second investigation into whether it should be licensed to operate its casino in Sydney.

An earlier investigation from 2022, two years ago, found that compliance measures were not up to standard, allowing money laundering and fraud to flourish.

If the second investigation shows that no improvements have been made, the casino risks losing its license completely.