After MGM Resort Hack, Caesars Entertainment Also Reports a Breach
The company that runs Caesars Palace in Las Vegas says it also suffered a breach as MGM Resorts International continues to deal with an apparent ransomware incident at its properties.
Caesars Entertainment disclosed the hack today in a stock exchange filing. Attackers pulled off the breach through a “social engineering attack on an outsourced IT support vendor used by the company,” it said. This means the hackers may have pretended to be an employee at Caesars Entertainment and tricked the IT support vendor into giving up access to the company’s systems through a password reset.
The breach led the hackers to steal customer data through a loyalty program, a likely reference to Caesars Rewards. On Sept. 7, the company’s investigation found that details including driver’s license and Social Security numbers “for a significant number of members in the database” had been looted.
Caesars Entertainment didn’t immediately respond to a request for comment, making the scale of the breach unclear. But in the stock exchange filing, the company said: “We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorized actor.”
Interestingly, Caesars Entertainment is signaling it paid off the hackers to prevent the stolen data from leaking or being sold to other cybercriminals. In the filing, the company writes: “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”
The Wall Street Journal also reports that Caesars Entertainment paid the
Read more on pcmag.com
