Caesars cyberattack overview:
- Who: Caesars Entertainment disclosed to the Securities and Exchange Commission it suffered a data breach Sept. 7 as a result of a cyberattack against the company and its online operations.
- Why: Russia-based hacking group Scattered Spider reportedly took responsibility for the cyber attack and subsequent data breach.
- Where: The data breach impacts Caesars loyalty rewards members nationwide.
Caesars Entertainment disclosed to federal regulators it suffered a data breach Sept. 7 as a result of a cyberattack against the casino company and its online operations.
The data breach may have exposed personal information belonging to Caesars loyalty rewards members, including their driver’s license and Social Security numbers, according to a filing with the Securities and Exchange Commission (SEC).
“As a result of our investigation, on Sept. 7, 2023, we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database,” Caesars writes in its filing with the SEC.
Caesars told the SEC the cyberattack did not force the company to shut down its casino or online operations and it has already taken steps to ensure the “unauthorized actor” deletes any stolen data. The casino company acknowledged it could not guarantee the exposed data would be deleted, however.
Russia-based hacking group takes responsibility for cyberattack against Caesars
A hacking group going by the name of Scattered Spider reportedly took responsibility for the data breach, with the hackers purported to be part of a Russia-based operation known as ALPHV or BlackCat, NPR reports.
Scattered Spider is also known as UNC3944, according to cybersecurity firm Mandiant, which wrote in a blog analysis the group is a “financially motivated threat cluster” that likes to use phone-based social engineering and SMS phishing campaigns in its attacks.
“UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,” Mandiant says in the blog post.
Caesars’ disclosure comes after MGM Resorts International announced earlier this month that it was the target of a cyberattack the casino company says caused outages in its ATMs, slot machines, websites and other systems.
MGM says the cyberattack affected all of its resorts in Las Vegas, including Aria, Bellagio, Luxor, MGM Grand and Mandalay Bay.
Have you been impacted by the Caesars data breach? Let us know in the comments!
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- USAA class action claims thousands affected by data breach
- Mom’s Meals class action alleges data breach exposed information of 1.2M individuals
- Genworth class action alleges insurer did not properly notify customers of data breach
- UnitedHealthcare class action alleges company failed to keep private info secure from data breach
22 thoughts onCaesars reports cyberattack but did not go offline
I received an email from Caesar’s Entertainment that I had been impacted
Add me
Received an email regarding this and the MGM data breach.
Please stop saying “ADD ME” folks! How do you possibly think that by typing that out it will add you to anything? Im serious, this is mind boggling.
Have you been impacted by the Caesars data breach? Let us know in the comments!
I’m a member, please add me
impacted
Add me
Yes i have received email regarding my involvement