Casino giant Caesars reports data breach
Learn More
Caesars Entertainment hotel and casino corporation, has officially reported a severe data breach which involved a sophisticated 'social engineering attack,' exposed sensitive customer data, including details from its loyalty program database.
The number of affected individuals is not disclosed
Personal information including driver's license numbers and possibly social security numbers for a significant number of members within the loyalty program database were compromised. The breach originated from a successful 'social engineering attack' on one of the company's outsourced IT support vendors, underscoring the effectiveness of this manipulation tactic.
In response to the breach, Caesars Entertainment reluctantly paid nearly half of a demanded $30 million ransom to prevent the hackers from disclosing the stolen data. Caesars hopes that stolen data is deleted, although they caution that the outcome cannot be guaranteed.
This cyberattack on Caesars follows a similar breach targeting MGM Resorts, allegedly orchestrated by a group known as Scattered Spider. The group's methods, including social engineering tactics to gain unauthorized access, mirror those employed in the Caesars breach. Several MGM systems remained paralyzed for days due to an unspecified cybersecurity issue, causing significant disruption. The gambling industry has increasingly become a target for cyberattacks due to the vast amounts of personal and financial data they collect, and this trend extends globally, affecting gaming companies worldwide.
In response to the growing threat of cyberattacks, the Securities and Exchange Commission (SEC) has implemented new rules requiring companies to report cybersecurity incidents within four days if they have a material impact on their business. These regulations, set to go into effect in December, mark a significant step towards improved transparency and accountability in the face of escalating cyber threats in the corporate world.
Update - The Scattered Spider hacking stated that it took six terabytes of data from the systems of multi-billion-dollar casino operators MGM Resorts International and Caesars Entertainment.
On 19th September, Caesars confirmed that attackers initially demanded a $30 million ransom payment, with Caesars able to negotiate the eventual amount down to $15 million. The company said that it is only partially covered by cyber attack insurance.
On 11th October Casino giant Caesars admitted that more than 41,000 of its patrons had their personal information stolen the data breach.
While the total number of victims is still counted, Caesars has now said that 41,397 folks from the state of Maine had their details stolen by the cybercrime gang responsible for the ransomware attack.
