Recently, Running Aces reported to the Attorney General of Idaho that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on August 14, 2025, Running Aces detected a data security incident in which an unauthorized third party compromised its network environment.1 As a result, Running Aces launched an investigation to determine the nature of the incident.
Through its investigation, Running Aces confirmed that sensitive personal information in its systems may have been accessed and compromised by an unauthorized third party during the breach. As a result, Running Aces began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
Date of birth
Driver’s license number
On November 24, 2025, Running Aces began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Idaho residents, Running Aces is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months of complimentary credit monitoring services. A link to the breach notification letters that Running Aces filed with the Attorney General of Idaho is below.
Source: https://straussborrelli.com/2025/12/02/running-aces-data-breach-investigation/
Running Aces Casino, Hotel & Racetrack cybersecurity rating report: https://www.rankiteo.com/company/running-aces-harness-park
"id": "RUN1764728912",
"linkid": "running-aces-harness-park",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Impacted '
'individuals '
'(specific number '
'not disclosed)',
'industry': None,
'location': None,
'name': 'Running Aces',
'size': None,
'type': 'Organization'}],
'customer_advisories': 'Data breach notification letters sent to '
'impacted individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security '
'number',
'Date of birth',
'Driver’s license '
'number']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-11-24',
'description': 'Running Aces reported a data breach where '
'sensitive personal identifiable information may '
'have been compromised. An unauthorized third '
'party accessed its network environment, leading '
'to potential exposure of personal data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personal identifiable '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Network environment'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': '12 months of complimentary credit monitoring '
'services for affected individuals',
'references': [{'date_accessed': None,
'source': 'Attorney General of Idaho',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Filed '
'breach '
'notice '
'with the '
'Attorney '
'General '
'of Idaho'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Data breach notification '
'letters mailed to '
'impacted individuals',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized third party',
'title': 'Running Aces Data Breach',
'type': 'Data Breach'}}