Caesars Entertainment targeted in social engineering breach

Caesars Entertainment, a major casino company, has revealed details about a recent data breach it experienced, which originated from a social engineering attack. According to Bloomberg, Caesars had been targeted by cybercriminals and ended up paying a multimillion-dollar ransom in response to the attack. In a filing with the Securities and Exchange Commission (SEC), Caesars stated that an “unauthorized actor” was able to gain access to significant data through a social engineering attack on one of its outsourced IT support vendors. The attack began on September 7, and among the data obtained was the loyalty program database, which contains driver’s license numbers and social security numbers of many members.

Caesars emphasized in the filing that the full extent of the stolen data is still being investigated. However, the company assured that there is currently no evidence to suggest that member passwords, bank account information, or payment card information was acquired by the unauthorized actor. As soon as Caesars became aware of the suspicious activity, it activated its incident response protocols and enlisted the help of leading cybersecurity firms, law enforcement agencies, and state gambling regulators.

The company believes it has taken the necessary steps to protect against future cyberattacks. Caesars stated in the filing that it has been working with industry-leading third-party IT advisors to strengthen its systems and prevent future incidents. It has also collaborated with the outsourced IT support vendor to implement corrective measures that will safeguard its systems from similar attacks in the future.

The filing indicated that Caesars is actively working to ensure that the stolen data is deleted by the unauthorized actor. However, it also acknowledged that there is no guarantee of complete data deletion. The Wall Street Journal reported earlier this week that Caesars paid approximately $15 million to the threat actors as a ransom payment. The disclosure from Caesars about the ransom payment aligns with information from the Wall Street Journal report.

Caesars Entertainment has not provided any further comments on the incident at this time.

This breach announcement by Caesars came shortly after fellow gambling entertainment giant MGM Resorts also disclosed a cybersecurity issue. On September 11, MGM published a statement on Twitter acknowledging the incident. While MGM has not officially confirmed whether it was a ransomware attack, cybersecurity research collective VX-Underground stated on Twitter that two threat actors, the Alphv/BlackCat ransomware gang and a group known as Scattered Spider, claimed responsibility for the attack.

Reports from various media outlets indicate that guests at MGM resorts in the Las Vegas area have been experiencing significant disruptions to amenities, gambling machines, check-in and check-out processes, and access to hotel rooms. Information about the attackers and their motives has not been confirmed by MGM Resorts.

The threat group Scattered Spider, also known as UNC3944, has been active since May 2022 and is known for using social engineering and phishing techniques to breach organizations and steal data. The group was previously responsible for compromising four Okta customers in a social engineering campaign earlier this year.

Neither Caesars Entertainment nor MGM Resorts has responded to requests for comment from TechTarget Editorial.

In an update on September 15, the Alphv ransomware gang posted a statement on a dark web leak site, confirming its involvement in the MGM attack and threatening further attacks if a deal is not reached. The ransomware gang made several additional claims about the attack and the company’s response, but these claims could not be verified at the time of the report.

Cybersecurity incidents like these highlight the ongoing threats faced by organizations in the digital age. It is crucial for businesses to continually enhance their cybersecurity measures and collaborate with experts in the field to prevent and mitigate the impact of cyberattacks.
