Five days after a cyberattack crippled operations of MGM Resorts properties nationwide, Caesars Entertainment acknowledged it was the target of one as well.
According to a report from Bloomberg, Caesars acknowledged the attack in a regulatory filing. But unlike MGM, Caesars paid “millions” to prevent further harm.
A hacker group known as Scattered Spider, or UNC3944, perpetrated the attack on both gaming giants. The organization comprises young adults in the U.S. and U.K. skilled at accessing large corporate networks.
First, the group hacked a third-party IT vendor. Then, they gained access to the Caesars network.
Payment likely kept Caesars’ properties running smoothly
Both MGM and Caesars operate casinos in Ohio. But spending money appears to have kept Caesars’ properties running smoothly.
Caesars operates Scioto Downs in Columbus. The popular location became the first Ohio racino in 2012 when it installed video lottery terminals.
But unlike MGM Northfield Park, which experienced minor problems in the days following the attack, Scioto Downs’ operations continued as normal. Caesars didn’t have any hiccups at any of its properties nationwide. The company said the breach only affected the Caesars Rewards program.
Hackers accessed Caesars loyalty members’ social security, driver’s license numbers
Caesars disclosed the breach in a regulatory filing with the Securities and Exchange Commission on Thursday, saying it learned about it last week. The company said the hack compromised the loyalty program members’ social security and driver’s license numbers.
However, no evidence indicates that banking or payment card information was accessed. The company also says that resort or gaming operations were not affected.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,“ Caesars said in the filing.
This has to be concerning news for folks who visit Scioto Downs Racino. According to July’s revenue report, Scioto Downs brought in $20.2 million. That was the seconnd most out of the seven Ohio racinos in July.
In other words, a lot of foot traffic created a large pool of potential victims.
The Bloomberg report says Caesars spent tens of millions of dollars to get its data back. According to the regulatory filing, an investigation determined that hackers acquired a copy of the Caesars loyalty program database.
Scioto Downs one of over 50 properties potentially affected
Caesars runs more than 50 resorts, casinos and racinos in the US, including Scioto Downs. As one of the most popular gambling brands in the country, hackers could have compromised countless amounts of confidential information.
Caesars says it’s still investigating the extent of the breach and will offer credit monitoring and identity theft protection services to loyalty program members. However, there aren’t any signs that any stolen information has been published.
According to the regulatory filing, Caesars claims the company did not pay a ransom. However, it was confirmed that money was spent due to this cyberattack.
“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,” Caesars said in the filing. “The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined.”
An incident response line has been established to answer Caesars customers’ questions about the data breach. That line can be reached at (888) 652-1580 from 6 a.m. to 6 p.m. PT, Monday through Friday.
Meanwhile, MGM Resorts is still reeling after falling victim to a cyberattack. The breach there left several of the company’s systems offline starting this past weekend. The website for MGM Northfield Park is still down as of Thursday. MGM said in a statement that it’s still working to fix the issue.