Caesars Palace Casino Loses US Resident Data to Extortionists

Large-Scale Cyber Attack Reveals Data Breach at Caesars Palace Casino

In a recent announcement at the Caesars Palace casino in Las Vegas, it has been revealed that the company experienced a significant cyber attack in September, resulting in the theft of personal data belonging to over 41,000 residents of the state of Maine.

The attack was conducted through social engineering against a third-party IT supplier of Caesars. The cybercriminals managed to gain unauthorized access to the hotel’s loyalty program network, allowing them to carry out the large-scale data breach.

The breach was initiated on August 18, 2023, with data extraction beginning on August 23. By September 7, it was determined that the stolen information included personal details such as customer names, driver’s license numbers, and passport numbers. Fortunately, no financial information was compromised.

In response to the incident, Caesars Palace promptly took action to ensure the attackers deleted the stolen data. However, the company acknowledges that it cannot guarantee the complete deletion. Unconfirmed reports suggest that Caesars paid a ransom of $15 million to the hackers. Additionally, affected clients were offered two years of protection against the leakage of their personal information.

In a similar incident, the renowned casino and hotels network MGM Resorts also fell victim to an attack by the same hacker group known as Scatted Spider (Unc3944). Unlike Caesars Palace, MGM Resorts decided not to pay a ransom, citing successful system restoration from backups.

/Reports, release notes, official announcements.