Caesars Entertainment, one of the largest casino operators in the world, has confirmed a major data breach that occurred as a result of a social engineering attack.
In an 8-K form filed with the Securities and Exchange Commission (SEC), Caesars disclosed that a database containing customer information, including driver license and social security numbers, was stolen by unidentified cybercriminals.
The company has not revealed the exact number of affected customers but stated that it was a "significant number" of loyalty program members.
The breach was discovered on September 7, and Caesars immediately launched an investigation into the incident. The company also hired leading cyber security firms to assist with incident response and notified law enforcement and state gaming regulators.
Caesars has stated that it has no evidence to suggest that passwords, bank account information, or payment card information were obtained by the attackers.
However, there is speculation that the breach may involve extortion. In the SEC filing, Caesars hinted at potential extortion and mentioned making a payment to keep the stolen information private. The company did not provide further details on the specific steps taken or the amount involved.
Other media outlets have reported that Caesars paid "tens of millions of dollars" in ransom to the hackers.
This high-profile breach comes as MGM Resorts, another major casino operator, experiences an ongoing cybersecurity incident that has left its IT systems and casinos inoperable for days.
Scattered Spider, a known internet crime gang, has claimed responsibility for the MGM Resorts intrusion. While there have been reports that Caesars was also targeted, Scattered Spider has denied any involvement in the Caesars breach.
Caesars Entertainment owns over 50 resorts and casinos in Las Vegas and 18 other states in the US. The company is currently investigating the extent of the stolen data and the potential impact on affected customers. It has advised customers to remain vigilant and be cautious of any suspicious communication or activity.
This latest data breach serves as a reminder of the increasing threat of cybercrime and the need for robust security measures in the gaming and hospitality industry.
As more personal information is collected and stored by companies, the risk of data breaches and the potential impact on individuals continues to grow.
Caesars Entertainment is working diligently to address the breach, mitigate any potential damage, and enhance its cybersecurity measures to prevent future incidents. The company is cooperating with law enforcement agencies and regulators to ensure a thorough investigation of the breach. Customers are advised to monitor their accounts closely, consider placing a fraud alert on their credit reports, and take steps to protect their personal information from further misuse.