Casino company Caesars Entertainment Inc on Thursday joined Las Vegas gambling rival MGM Resorts International in reporting a cyberattack, but added in a report to federal regulators that its casinos and online Operations were not disrupted.
Publicly traded company headquartered in Reno Tell the Federal Securities and Exchange Commission The company was unable to secure the personal information of tens of millions of customers after a Sept. 7 data breach that may have exposed Loyalty Rewards members’ driver’s licenses and Social Security numbers.
“We have taken steps to ensure that unauthorized actors delete stolen data, although we cannot guarantee this outcome,” the company said.
Brett Callow, a threat analyst at New Zealand cybersecurity firm Emsisoft, said it was unclear whether a ransom was paid or who was responsible for the intrusion and the attack reported on Monday by MGM Resorts.
“Unofficially, we saw a group called Scattered Spiders claiming responsibility,” Carlo said. “Their native language appears to be English and they are affiliated with a Russian company called ALPHV or BlackCat.”
Caesars is the world’s largest casino owner, with more than 65 million Caesars Rewards members and properties in 18 states and Canada under the Caesars, Harrah’s, Horseshoe and Eldorado brands. It also has mobile and online operations as well as sports betting. Company officials did not respond to emailed questions from The Associated Press.
Loyalty program customers will receive credit monitoring and identity theft protection, the company told the Securities and Exchange Commission.
The company reported that there was no evidence that the intruders obtained member passwords or bank account and payment card information, adding that the casino and online operations “were not affected by this incident and will experience no disruption.”
Caesars’ disclosure comes after Las Vegas’ largest casino company, MGM Resorts International Public reporting on Monday A cyberattack detected on Sunday led the company to shut down computer systems at its properties across the United States to protect data.
MGM Resorts said reservations and casino floors in Las Vegas and other states were affected. Customers shared stories on social media of being unable to make credit card transactions, withdraw money from cash machines or enter hotel rooms. Some video slot machines are pitch black.
MGM Resorts has approximately 40 million loyalty rewards members and tens of thousands of hotel rooms in Las Vegas, including the MGM Grand, Bellagio, Aria and Mandalay Bay. The company also operates properties in China and Macau.
a company Report to SEC on Tuesday pointed to its press release issued on Monday.this The FBI said The investigation is ongoing, but no further information was provided.
Some computer systems at MGM Resorts remained down Thursday, including hotel reservations and payroll. But company spokesman Brian Ahern said it expects its 75,000 employees in the United States and abroad to be paid on time.
Carlo said by phone from British Columbia, Canada, that most media coverage of the incidents was speculative because the information appeared to come from the same entity that claimed to have carried out the attacks. He said recovery from a cyberattack could take months.
Carlo noted that he considered reports that Caesars Entertainment was being asked to pay $30 million to secure its data “credible” and that Caesars Entertainment may have paid $15 million. He also noted that the company did not describe in the SEC report the steps it took to secure the stolen data.
Carlo said the highest ransom believed to have been paid by insurance giant CNA Financial to cyber attackers after a March 2021 data breach was $40 million.
“In these cases, organizations are essentially paying to get a ‘pinky promise,'” he said. “There’s no way to really know if (the hackers) deleted (the stolen data) or if it wasn’t used elsewhere.”
Svlook