Thursday, Sept. 14, 2023 | 7:49 a.m.
Data from members in the loyalty program at Caesars Entertainment was compromised this month when an unauthorized actor acquired a copy of the program’s database, including the driver’s license and Social Security numbers of members, the resort said in a report to the Securities and Exchange Commission.
“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network,” officials wrote in the report, which was released today. The attack happened Sept. 7, they said.
“We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators," the company said.
Caesars paid a roughly $30 million ransom to hackers, the Wall Street Journal reported Wednesday. The report with the Securities and Exchange Commission doesn’t mention a ransom payment.
Caesars has properties up and down the Las Vegas Strip, including Caesars Palace, Horseshoe, Harrah’s, Planet Hollywood, Paris, Flamingo and Linq.
Caesars said it “identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the company." The company said its customer-facing operation — both in-person and mobile gaming applications — weren’t impacted.
This is the second reported cybersecurity attack on a prominent Las Vegas resort company this week. MGM Resorts International wasn’t as fortunate with the disruptions to its operations.
The attack resulted in a shutdown that prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.
Some visitors to its properties still weren’t able to access their rooms digitally as of Wednesday, relying on staff to provide physical keys.
Both MGM and Caesars said that they notified federal law enforcement as part of their response to the attack. The FBI on Tuesday said it was investigating the MGM incident.
Caesars said it is taking steps to “ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.” Additionally, it said there wasn't evidence the data has been further shared or otherwise misused.
They are offering credit monitoring services to loyalty members. Call 888-652-1580 to register.
The targets of cybersecurity attacks are typically high-profile companies that face challenges getting back online, said Yoohwan Kim, a UNLV computer scientist who studies data privacy on blockchain and network security. Those companies also have the resources to pay a ransom.
“One thing is clear: When this happens, there’s a lot of chaos in the company figuring out what it will take to fix it,” said Kim, who spearheaded the effort to develop a cybersecurity major at UNLV.
