Caesars Entertainment confirmed reports of cyber attacks, revealing its loyalty program database had been compromised.
In a filing today (14th September) with the Securities and Exchange Commission, the operator stated that it had deployed response protocols and initiated an investigation after identifying “suspicious activities” in its larger network. The operator said that the activity was a result of a social-engineering attack on its outsourced IT support.
After an investigation it was discovered that the attackers obtained customer data including a copy Caesars’ loyalty database. The database contained the social security and driver’s license numbers of different loyalty program members.
Caesars said that the attacks on its customer-facing aspects, including Caesars Entertainment locations, mobile gaming apps and other Caesars Entertainment products, had not affected them.
Situation ongoing
Caesars has said that it “took steps to ensure the stolen data was deleted by the unauthorized attacker in the aftermath” of the attack, though it admits “we cannot guarantee this outcome”. The company said that it had not found any evidence of the theft of bank account or password information, nor PINs.
Caesars has not confirmed or denied that it paid ransom. Unnamed sources in the media have reported that Caesars paid ransoms in the tens or hundreds of millions of dollars to cyberattackers.
This isn’t the first hacking report this week. MGM Resorts was forced to shut down their systems on Monday after identifying a cyber-security issue . Posts on social media indicated issues with slot machines and hotel rooms on MGM Resorts’ properties.
MGM resorts confirmed to X, formerly Twitter, that their resorts were still operating and that guests could still access hotel rooms. is still being worked on in order to fix the cybersecurity problem.
Looking forward
In its filing, Caesars stressed that it had upgraded its systems in order to prevent any future incidents.
Caesars said that, “While no company will ever be able to eliminate the risk from a cyberattack,” we’ve taken steps to strengthen our systems, in collaboration with leading third-party advisors. “These efforts continue.”
We have taken additional steps to ensure the vendor of outsourced IT services involved in this case has implemented corrective actions to protect our systems from future attacks.
The operator said that it had incurred costs related to the incident, but did not anticipate this would have any impact on future results.