The marquee sign at Caesars Palace displays a welcome to Celine Dion in Las Vegas on Feb. 16, 2011. The singer begins a new series of shows at The Colosseum on March 15.
Thursday, Sept. 14, 2023 | 2 a.m.
Caesars Entertainment Inc. paid tens of millions of dollars to hackers who broke into the company’s systems in recent weeks and threatened to release the company’s data, according to two people familiar with the matter.
Caesars is expected to disclose the cyberattack in a regulatory filing imminently, the people said. The disclosure of the alleged Caesars breach comes as another Las Vegas entertainment giant, MGM Resorts International, announced that it was hacked earlier this week.
Caesars didn’t respond to requests for comment. The company’s shares dropped 2.7% Wednesday to $52.35.
The group behind the attack is known as Scattered Spider or UNC 3944, according to the people. Its members are skilled at social engineering in order to gain access to large corporate networks, according to cybersecurity experts. In the case of Caesars, the hackers first breached an outside IT vendor before gaining access to the company’s network, according to the people.
The hackers began targeting Caesars as early as Aug. 27, according to one of the people.
Members of the hacking group are believed to be young adults, some as young as 19 years old, residing in the US and the UK, according to a person who has investigated multiple hacks by the group.
Hacking gangs typically ask to be paid in cryptocurrency if they demand a ransom. Some attacks deploy ransomware that locks up computer files, and the hackers then provide a decryption key if the victim pays. More recently, however, hacking gangs have stolen data from companies and then demanded payment, threatening to publish the information unless they are paid.
