Caesars Entertainment, Inc., a well-known global hospitality brand, has been hacked by a cybercrime gang that stole a vast chunk of data, including the company’s loyalty program database.
In a filing with the SEC, Caesars said the hijacked data includes driver’s license numbers and/or social security numbers for a significant number of members in the database and provided a hint that a ransomware demand was paid to minimize the damage.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the 8-K filing. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”
Caesars said it currently has no evidence that member passwords/PINs, bank account information, or payment card information (PCI) were part of the data copied by the cybercriminal group.
The company said it identified “suspicious activity” on its network that resulted from a social engineering attack on an unnamed third-party support vendor.
“We quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network. We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators,” Caesars said.
Caesars said its core customer-facing operations – both online platforms and physical locations – remained untouched and operations continued without disruption.
The company said it has also taken steps to ensure that the specific outsourced IT support vendor involved implements corrective measures to protect against future attacks that could pose a threat to its systems.
The Caesars breach confirmation follows news that MGM Resorts is also struggling with the fallout from a “cybersecurity issue” that took its IT systems and web sites offline. A ransomware gang has taken credit for the MGM Resorts hack, which impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys.
Related: The Chaos (and Cost) of Lapsus$ Hacking Spree
Related: Ransomware Gang Takes Credit for MGM Resorts Cyberattack
Related: MGM Resorts Confirms ‘Cybersecurity Issue’
Related: Blackbaud Fined for Misleading Ransowmare Disclosure