Caesars Entertainment, a leading hotel and casino company, has confirmed that it fell victim to a major cyberattack in which a large amount of customer data was stolen. The attack was initially reported by Bloomberg and has since been confirmed by the company through an 8-K notice filed with federal regulators.
Key Takeaway
Caesars Entertainment has suffered a cyberattack resulting in the theft of a significant amount of customer data, including driver’s license numbers and Social Security numbers. The attack was attributed to the hacking group Scattered Spider and is believed to have exploited social engineering methods. The incident highlights the ongoing vulnerability of major organizations to cyber threats, and the importance of robust cybersecurity measures.
The Details of the Attack
The cyberattack targeted Caesars Entertainment’s loyalty program database, which contained sensitive information such as driver’s license numbers and Social Security numbers. While the company has not disclosed the exact number of individuals affected, it stated that a “significant number of members” had their data compromised.
In addition to the loyalty program database, other unspecified data was also stolen. Caesars Entertainment has taken steps to ensure the stolen data is deleted, although they cannot guarantee success in this regard. This implies that the company may have paid a ransom to the hackers, as reported by The Wall Street Journal.
Attackers and Method
The hacking group, known as Scattered Spider or UNC3944, is believed to be responsible for the attack. This group utilizes social engineering techniques to deceive employees and gain access to corporate networks. Scattered Spider has a reputation for targeting large organizations, and their members reportedly consist of young adults and teenagers.
Caesars Entertainment has stated that the cyberattack was the result of social engineering on an external IT vendor, without specifying the vendor’s name.
MGM Resorts Cyberattack
Interestingly, Caesars Entertainment is not the only hotel and casino giant to suffer a cyberattack recently. MGM Resorts also reported a “cybersecurity issue” earlier this week. The outage caused by the attack has persisted for several days, with no immediate signs of resolution. However, it is unclear if the two incidents are connected.
Law Enforcement and Measures Taken
Caesars Entertainment has reported the incident to law enforcement agencies and is cooperating with investigations. The FBI has confirmed that it is investigating the cyberattack on MGM Resorts but has not provided any further details. Authorities typically advise against paying ransoms in cyberattack cases.