Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Running Aces Casino data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Running Aces Casino
Running Aces Casino, Hotel & Racetrack is a gambling and entertainment venue located in Columbus, Minnesota, about 20 minutes north of Minneapolis and St. Paul.
Since opening in 2008, the facility has offered a range of activities, including a Las Vegas-style card room, live harness horse racing, a hotel, trout fishing, and a full-service restaurant called Trout Air Tavern.
What Happened?
In August 2025, Running Aces Casino, Hotel & Racetrack experienced a significant data breach involving ransomware. On Aug. 14, 2025, the company discovered that an unauthorized actor, identified as Qilin, had gained access to its systems.
The Qilin ransomware group claimed responsibility and posted evidence of the breach on their dark web portal on Sept. 8, 2025. The breach exposed sensitive information belonging to individuals associated with Running Aces Casino.
Possible Information Exposed
Names
Social Security numbers
Dates of birth
Driver's license numbers
The incident was reported to the Idaho Attorney General on Nov. 24, 2025. Consumers began receiving notifications from the company on the same date.
Your Rights and Next Steps
If
Source: https://www.claimdepot.com/investigations/running-aces-casino-data-breach-2025
Running Aces Casino, Hotel & Racetrack cybersecurity rating report: https://www.rankiteo.com/company/running-aces-harness-park
"id": "RUN1764620885",
"linkid": "running-aces-harness-park",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': None,
'industry': 'Hospitality/Gaming',
'location': 'Columbus, Minnesota, USA',
'name': 'Running Aces Casino, Hotel & '
'Racetrack',
'size': None,
'type': 'Gambling and Entertainment '
'Venue'}],
'customer_advisories': 'Notifications sent to affected consumers '
'on 2025-11-24, advising of potential '
'eligibility for compensation.',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Confirmed (Evidence posted '
'on dark web by Qilin)',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': ['Names',
'Social '
'Security '
'numbers',
'Dates '
'of '
'birth',
"Driver's "
'license '
'numbers'],
'sensitivity_of_data': 'High (Includes SSNs, '
"driver's license "
'numbers)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information '
'(PII)']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-09-08',
'description': 'Running Aces Casino, Hotel & Racetrack '
'experienced a significant ransomware attack in '
'August 2025, orchestrated by the Qilin '
'ransomware group. The breach exposed sensitive '
'personally identifiable information (PII) of '
'individuals associated with the casino, '
'including names, Social Security numbers, dates '
"of birth, and driver's license numbers. The "
'incident was discovered on August 14, 2025, and '
'publicly disclosed on the dark web by Qilin on '
'September 8, 2025. Notifications to affected '
'consumers were sent on November 24, 2025, '
'coinciding with the report to the Idaho Attorney '
'General.',
'impact': {'brand_reputation_impact': 'High (Potential loss of '
'trust due to exposure of '
'sensitive PII)',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
"Driver's license numbers"],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (Exposure of SSNs, '
"driver's license numbers, and "
'DOBs)',
'legal_liabilities': 'Potential (Class action '
'investigations underway by '
'Shamis & Gentile P.A.)',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': 'Confirmed '
'(Evidence '
'posted by '
'Qilin on '
'2025-09-08)',
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (Class action investigation by '
'Shamis & Gentile P.A.)',
'motivation': 'Financial Gain (Ransomware)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Confirmed',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': None,
'source': 'Shamis & Gentile P.A. Investigation '
'Notice',
'url': None},
{'date_accessed': None,
'source': 'Qilin Ransomware Group Dark Web Post '
'(2025-09-08)',
'url': None},
{'date_accessed': None,
'source': 'Idaho Attorney General Report '
'(2025-11-24)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Potential (Class '
'action investigation '
'by Shamis & Gentile '
'P.A.)',
'regulations_violated': None,
'regulatory_notifications': 'Idaho '
'Attorney '
'General '
'(notified '
'on '
'2025-11-24)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Consumer notifications '
'issued on 2025-11-24; '
'report filed with Idaho '
'Attorney General on the '
'same date.',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Likely (Given '
'notification '
'timeline)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Qilin (Ransomware Group)',
'title': 'Running Aces Casino Data Breach and Ransomware Attack '
'(2025)',
'type': ['Data Breach', 'Ransomware Attack']}