Data from Caesars customers is believed to have been compromised after the recent cyberattack.
Caesars Entertainment specifically reached out to Maine’s Attorney General office with the notification. According to this notice, 41,397 Maine residents were affected in the data breach.
We’ll see that number continue to grow across the country. Caesars’ filing said the total number of people affected is “to be determined.”
Caesars has an Ohio presence. The Las Vegas-based gaming giant owns Scioto Downs, a racino in Columbus. The land-based presence allows them to operate a retail and online sportsbook (Caesars Sportsbook Ohio) in the Ohio sports betting industry.
Additionally, it could give the company an inside track to operating iGaming if future legislation ever allows Ohio online casinos.
But unfortunately, it also means certain Ohio-based Caesars customers had their information compromised.
What happened with the Caesars cyberattack?
Hackers used social engineering to access the Las Vegas-based company’s network in August. They impersonated an employee by finding their information on LinkedIn. From there, the attackers contacted Caesars’ IT help desk and got the employee’s password changed and jumped right into the system.
The hacker group, known as Scattered Spider, originally demanded $30 million from the entertainment giant, according to a CBNC report. Caesars ended up paying part of the ransom – $15 million, to be specific – in order to regain control of their system.
This same group initiated an identical scheme with MGM.
“Once the incident was contained, we initiated a detailed review to identify any sensitive personal information contained in data acquired by the unauthorized actor as part of the incident,” Caesars said in its statement.
What personal information is at risk?
If hackers can get into the database of a casino or entertainment giant, there’s no shortage of information they can get their hands on.
This can, of course, be limited depending on how these networks are set up. Some frameworks utilize a rules-based structure and work off of least-privilege access, meaning employees have the least access possible to complete their daily tasks.
For instance, if a hacker breaches through the account of someone lower on the totem pole, he or she cannot access all data in the system. These checks and balances are vital for protecting data and networks.
We still don’t know what exactly happened in this instance and we likely won’t. However, the information available could contain employee information, such as social security and bank account numbers. It may also include and vendor and customer information.
According to Caesars’ filing to the AG office in Maine, the information hackers got ahold of included personal information of state residents. Specifically, they had access to names and identifiers such as driver’s license numbers.
We don’t know how many Ohio residents were affected… yet
There is one Caesars property in Ohio: Scioto Downs.
The Columbus racino has been around since 1959, first starting as strictly a racing track. Over time, it blossomed into a gambling and entertainment hub. Earlier this year, Caesars updated the facility with a new grandstand, patio and clubhouse.
According to a revenue report from July, Scioto Downs commanded the second-highest revenue of Ohio’s seven racinos.
Being one of the state’s most popular entertainment destinations, it’s concerning that the parent company was a victim of this cyber attack. Last month, Caesars confirmed that the attack compromised loyalty program members’ social security and driver’s license numbers. That’s in line with the recent filings from the company.
Time will tell just how many Ohio residents were affected. But we should know sometime soon as more reports come out.