Caesars Entertainment, renowned as the largest casino chain in the United States, has revealed that it paid a ransom to prevent the online exposure of customer data stolen in a recent cyberattack. The attack targeted Caesars’ loyalty program database, which contains sensitive information such as driver’s license numbers and social security numbers.
In an 8-K form filed with the U.S. Securities and Exchange Commission, Caesars stated that they are currently investigating the extent of the acquired data and whether any additional personal or sensitive information was compromised. However, they have no evidence to suggest that member passwords, bank account information, or payment card details were accessed by the attackers.
The 8-K filing also suggests that Caesars paid a ransom, as reported by the Wall Street Journal, amounting to approximately $15 million, half of the initial $30 million demand made by the attackers. Nevertheless, Caesars acknowledges that they cannot guarantee the deletion of the stolen data by the unauthorized actor, nor can they provide assurances regarding the future actions of the threat actors, including the potential sale or leak of the customer information.
While Caesars has refrained from attributing the attack to a specific cybercrime group, a Bloomberg report indicates that the incident was orchestrated by a financially motivated threat group known as Scattered Spider, also tracked as UNC3944 and 0ktapus. This group employs social engineering, multi-factor authentication fatigue, and SMS credential phishing attacks to obtain user credentials and infiltrate target networks.
Caesars assures that customers who are not enrolled in their loyalty program have not been affected by the data breach. The company will notify all impacted individuals in the coming weeks. Caesars has reported the incident to law enforcement and has emphasized that the attack has not disrupted their customer-facing operations, including online and mobile gaming apps, as well as their physical properties.
Caesars’ cyberattack follows a similar incident affecting MGM Resorts International, which recently experienced a cyberattack forcing them to temporarily shut down their IT systems, impacting their websites, reservation systems, and casino services such as slot machines, ATMs and credit card machines. In 2019, MGM Resorts disclosed another cyberattack that resulted in the breach of their cloud services and the theft of over 10 million customer records.
CyberSec84 | Cybersecurity news. 
Leave a comment