Scioto Downs Safe After Caesars Hack Only Hits Rewards Program

Written By C.J. Pierre on September 14, 2023
Caesars Ohio cybersecurity attack

Five days after a cyberattack crippled operations of MGM Resorts properties nationwide, Caesars Entertainment acknowledged it was the target of one as well.

According to a report from Bloomberg, Caesars acknowledged the attack in a regulatory filing. But unlike MGM, Caesars paid “millions” to prevent further harm.

A hacker group known as Scattered Spider, or UNC3944, perpetrated the attack on both gaming giants. The organization comprises young adults in the U.S. and U.K. skilled at accessing large corporate networks.

First, the group hacked a third-party IT vendor. Then, they gained access to the Caesars network.

Payment likely kept Caesars’ properties running smoothly

Both MGM and Caesars operate casinos in Ohio. But spending money appears to have kept Caesars’ properties running smoothly.

Caesars operates Scioto Downs in Columbus. The popular location became the first Ohio racino in 2012 when it installed video lottery terminals.

Thanks to the Ohio sports betting launch last January, it also has a Caesars-branded retail sportsbook. Additionally, the property gives Caesars Sportsbook Ohio market access.

But unlike MGM Northfield Park, which experienced minor problems in the days following the attack, Scioto Downs’ operations continued as normal. Caesars didn’t have any hiccups at any of its properties nationwide. The company said the breach only affected the Caesars Rewards program.

Hackers accessed Caesars loyalty members’ social security, driver’s license numbers

Caesars disclosed the breach in a regulatory filing with the Securities and Exchange Commission on Thursday, saying it learned about it last week. The company said the hack compromised the loyalty program members’ social security and driver’s license numbers.

However, no evidence indicates that banking or payment card information was accessed. The company also says that resort or gaming operations were not affected.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,“ Caesars said in the filing.

This has to be concerning news for folks who visit Scioto Downs Racino. According to July’s revenue report, Scioto Downs brought in $20.2 million. That was the seconnd most out of the seven Ohio racinos in July.

In other words, a lot of foot traffic created a large pool of potential victims.

The Bloomberg report says Caesars spent tens of millions of dollars to get its data back. According to the regulatory filing, an investigation determined that hackers acquired a copy of the Caesars loyalty program database.

Scioto Downs one of over 50 properties potentially affected

Caesars runs more than 50 resorts, casinos and racinos in the US, including Scioto Downs. As one of the most popular gambling brands in the country, hackers could have compromised countless amounts of confidential information.

Caesars says it’s still investigating the extent of the breach and will offer credit monitoring and identity theft protection services to loyalty program members. However, there aren’t any signs that any stolen information has been published.

According to the regulatory filing, Caesars claims the company did not pay a ransom. However, it was confirmed that money was spent due to this cyberattack.

“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,” Caesars said in the filing. “The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined.”

An incident response line has been established to answer Caesars customers’ questions about the data breach. That line can be reached at (888) 652-1580 from 6 a.m. to 6 p.m. PT, Monday through Friday.

Meanwhile, MGM Resorts is still reeling after falling victim to a cyberattack. The breach there left several of the company’s systems offline starting this past weekend. The website for MGM Northfield Park is still down as of Thursday. MGM said in a statement that it’s still working to fix the issue.

Photo by Shutterstock
C.J. Pierre Avatar
Written by
C.J. Pierre

C.J. Pierre is a Lead Writer at PlayOhio. He has been covering news and sports for over a decade for both online and TV broadcasts. He was born and raised in Minneapolis, MN and is an alum of Minnesota State University: Moorhead. He recently dove into tribal casino, sports betting and online gambling news. He also covered the launch of sports betting in Arizona. C.J. has experience as a reporter and videographer and has covered high school, college and professional sports throughout his career, most notably following Arizona Cardinals, Phoenix Suns, Minnesota Vikings and North Dakota State University football.

View all posts by C.J. Pierre