Caesars Entertainment, Inc., a well-known global hospitality brand, has been hacked by a cybercrime gang that stole a vast chunk of data, including the company’s loyalty program database.
In a filing with the SEC, Caesars said the hijacked data includes driver’s license numbers and/or social security numbers for a significant number of members in the database and provided a hint that a ransomware demand was paid to minimize the damage.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the 8-K filing. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”
Caesars said it currently has no evidence that member passwords/PINs, bank account information, or payment card information (PCI) were part of the data copied by the cybercriminal group.
The company said it identified “suspicious activity” on its network that resulted from a social engineering attack on an unnamed third-party support vendor.
“We quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network. We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators,” Caesars said.
Caesars said its core customer-facing operations – both online platforms and physical locations – remained untouched and operations continued without disruption.
The company said it has also taken steps to ensure that the specific outsourced IT support vendor involved implements corrective measures to protect against future attacks that could pose a threat to its systems.
The Caesars breach confirmation follows news that MGM Resorts is also struggling with the fallout from a “cybersecurity issue” that took its IT systems and web sites offline. A ransomware gang has taken credit for the MGM Resorts hack, which impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys.
Related: The Chaos (and Cost) of Lapsus$ Hacking Spree
Related: Ransomware Gang Takes Credit for MGM Resorts Cyberattack
Related: MGM Resorts Confirms ‘Cybersecurity Issue’
Related: Blackbaud Fined for Misleading Ransowmare Disclosure
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
- CrowdStrike to Acquire Application Intelligence Startup Bionic
- HiddenLayer Raises Hefty $50M Round for AI Security Tech
- Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages
- Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty
- Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database
- AuthMind Scores $8.5M Seed Funding for ITDR Tech
- Zero-Day Summer: Microsoft Warns of Fresh New Software Exploits
Latest News
- Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
