In a recent announcement, Caesars Entertainment confirmed that it had fallen victim to a cyberattack that targeted its loyalty program database. The casino and resort operator disclosed the breach in a filing with the Securities and Exchange Commission on September 14. The incident, stemming from a social engineering attack on an outsourced IT support partner, raised alarms when suspicious activity was detected within its network.
Following an extensive investigation, it was determined that the cyberattackers had successfully accessed customer data, including a copy of Caesars’ loyalty program database. This database contained sensitive information such as driver’s license numbers and social security numbers of various loyalty program members. However, Caesars was quick to reassure customers that its customer-facing services, including its entertainment locations and mobile gaming apps, remained unaffected by the breach.
Caesars acted swiftly, deploying response protocols and launching a thorough investigation into the breach. The company stated that it had taken measures to ensure the stolen data is deleted by the unauthorized actors responsible for the attack, though acknowledging that a guarantee of this outcome is challenging. Fortunately, there was no evidence that passwords, PINs, or bank account information had been compromised during the incident.
One aspect that remains shrouded in mystery is whether Caesars Entertainment paid a ransom to the cyberattackers. While the company did not confirm or deny this, anonymous sources have reported in the media that Caesars may have paid a substantial sum, possibly reaching tens of millions of dollars, to the perpetrators.
The cyberattack on Caesars Entertainment is not an isolated incident in the casino and resort industry. Just days earlier, MGM Resorts had to temporarily shut down its systems due to a cybersecurity issue. Reports on social media indicated problems with slot machines and hotel room access on MGM Resorts’ properties. However, MGM Resorts later confirmed that its resort facilities were operational, and guests could still access their hotel rooms, though work continued to resolve the cybersecurity issue.
Caesars Entertainment remains committed to safeguarding its systems against future cyber threats. In its filing, the company emphasized that, while no organization can completely eliminate the risk of a cyberattack, it had made significant strides in bolstering its security posture. This effort included collaborating with top-tier third-party IT advisors to fortify its systems against potential future incidents. Caesars is resolute in its ongoing efforts to enhance cybersecurity.
The operator also disclosed that it had incurred expenses related to addressing the cyberattack. However, it expressed confidence that this incident would not have a significant impact on its future financial results. Caesars Entertainment is keenly aware of the evolving threat landscape and remains steadfast in its commitment to protecting customer data and maintaining the integrity of its operations.
The post Caesars Entertainment’s Loyalty Program Hit by Cyberattack appeared first on iGaming.org.