Data Breaches

Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database

The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database.

Ransomware Attack SEC complaint

Caesars Entertainment, Inc., a well-known global hospitality brand, has been hacked by a cybercrime gang that stole a vast chunk of data, including the company’s loyalty program database.

In a filing with the SEC, Caesars said the hijacked data includes driver’s license numbers and/or social security numbers for a significant number of members in the database and provided a hint that a ransomware demand was paid to minimize the damage.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the 8-K filing.  We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.” 

Caesars said it currently has no evidence that member passwords/PINs, bank account information, or payment card information (PCI) were part of the data copied by the cybercriminal group.

The company said it identified “suspicious activity” on its network that resulted from a social engineering attack on an unnamed third-party support vendor. 

“We quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network. We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators,” Caesars said. 

Caesars said its core customer-facing operations – both online platforms and physical locations – remained untouched and operations continued without disruption.

The company said it has also  taken steps to ensure that the specific outsourced IT support vendor involved implements corrective measures to protect against future attacks that could pose a threat to its systems.

Advertisement. Scroll to continue reading.

The Caesars breach confirmation follows news that MGM Resorts is also struggling with the fallout from a “cybersecurity issue” that took its IT systems and web sites offline. A ransomware gang has taken credit for the MGM Resorts hack, which impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys. 

Related: The Chaos (and Cost) of Lapsus$ Hacking Spree

Related: Ransomware Gang Takes Credit for MGM Resorts Cyberattack

Related: MGM Resorts Confirms ‘Cybersecurity Issue’ 

Related: Blackbaud Fined for Misleading Ransowmare Disclosure

Related Content


Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines.

Data Breaches

ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree.


Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files.

Data Breaches

Data breach at moving companies impacts Canadian government employees, and military and police personnel.


Morgan Stanley agrees to pay $6.5 million for exposing personal information through negligent data-security practices.

Data Breaches

McLaren Health Care is informing roughly 2.2 million individuals of a data breach impacting their personal information.

Data Breaches

US mortgage giant Mr. Cooper announced that customer data was compromised in an October 31 cyberattack.

Data Breaches

The State of Maine says the personal information of 1.3 million individuals was compromised in the MOVEit attack.

Copyright © 2023 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version