Published: October 9, 2023, 09:26h.
Last updated: October 9, 2023, 09:27h.
Caesars Entertainment recently sent an email to numerous Caesars Rewards members regarding the cyberattack they experienced in September. The attack led to the company paying a hefty sum to ensure the preservation of their operating systems.
According to Caesars’ recent securities filing, they paid a ransom to a criminal cybergang, rumored to be around $30 million. The purpose of the payment was to ensure that the stolen data would not be sold or shared on the dark web, but there is no absolute guarantee that the compromised information won’t be wrongfully distributed.
Despite the ransom payment, Caesars representatives admit that there is still a risk of the stolen files and documents being shared. However, they have not received any reports of the data being distributed thus far.
The cyberattack primarily targeted the Caesars Rewards database, which encompasses more than 65 million members. This loyalty program extends from their Las Vegas operations to regional properties and online sportsbook and iGaming platforms.
Free Credit Monitoring
Caesars’ SEC filing revealed that sensitive information on Caesars Rewards members, including driver’s license numbers and social security numbers, was compromised in the attack. As a result, Caesars Entertainment has reached out to potentially affected members, offering them two years of complimentary identity theft protection services and credit monitoring through IDX, an Oregon-based firm specializing in data breach responses.
Each affected member receives an “Incident Notice” with an enrollment code to register for the identity theft monitoring service on the IDX website.
By enrolling in the IDX monitoring, Caesars Rewards members will receive immediate alerts for any changes to their credit report. IDX’s “CyberScan” continuously monitors criminal websites, chat rooms, and online bulletin boards for illegal trading or selling of personal information.
Vendor Security Breach
Caesars Entertainment also confirmed that the cyberattack affected one of its vendors responsible for managing the casino’s loyalty program. While the third party remains unnamed, it is known to be an attack on an IT support vendor.
This IT firm possesses sensitive data on Caesars Rewards members, including names, social security numbers, and dates of birth. However, there is currently no evidence that any seized information has been distributed.
Unlike Caesars, MGM Resorts chose not to pay a ransom after facing a similar attack from the same group, “Scattered Spider.” MGM estimates the attack will cost the company over $110 million in earnings before interest, taxes, depreciation, and amortization for the third quarter.