On September 14th, Caesars Entertainment joined its Las Vegas gambling competitor MGM Resorts International in the ranks of the casino giants that got hit by cyberattacks. However, in its report to federal regulatory bodies, the company added that its casino and online operations were not disrupted by the attack.
In a statement to the federal Securities and Exchange Commission, the Reno-based casino behemoth explained that it was unable to guarantee that the personal information of millions of customers was kept secure after a data breach into the company’s systems took place on September 7th. As a result of the attack, the Social Security numbers and driver’s license numbers of its members eligible for loyalty rewards may have been exposed to unauthorized third parties.
Caesars Entertainment, however, said that it had taken steps to make sure that the stolen data was deleted by the hackers but, still, it was unable to guarantee that result.
For the time being, it remains unclear whether the company paid ransom to the attackers. The identity of the person or group responsible for the intrusion remains unknown. As revealed by cybersecurity firm Emsisoft’s threat analyst Brett Callow, a group called Scattered Spider – a group of native English speakers under the umbrella of ALPHV (also known as BlackCat) – was unofficially reported as the one that claimed responsibility for the attacks.
The group that was allegedly responsible for the attacks – Scattered Spider – is also known as UNC3944. According to cybersecurity firm analysts, it was quite aggressive and disruptive in its most recent targeting of entertainment and hospitality companies.
Scattered Spider Hacker Group Rumored as the One Responsible for the Attack
Currently, Caesars Entertainment is addressed as the largest casino owner on a global scale, with over 65 million members of its Caesars Rewards scheme and properties situated in 18 US states and Canada that operate under the Caesars, Horseshoe, Harrah’s, and Eldorado brands.
So far, the company has not officially commented on the cyber attacks but revealed that the users of its loyalty program were being offered identity theft protection and credit monitoring services. Caesars Entertainment also reported there was no evidence that the intruder had managed to obtain member passwords or bank account or payment card information. The casino giant further shared that the operations of its brick-and-mortar and online casinos had not been affected by the incident and are currently available without any disruptions.
The US casino behemoth made the disclosures about the recent incident only days after the largest casino operator in Las Vegas, MGM Resorts International, reported that it became subject to a cyberattack that resulted in a massive shutdown of its computer systems at its properties across the country.
Following the attacks, MGM Resorts acknowledged that its reservations and casino floors not only in Nevada but also in other states were affected, with some customers being unable to enter their hotel rooms make credit card transactions, or obtain money from cash machines. Some of the operator’s video slot terminals were also inoperable.
