Caesars Entertainment Reveals Major Ransomware Breach

Yet another Nevadan casino and hotel chain giant has been compromised by ransomware threat actors, after Caesars Entertainment reported a serious incident to the SEC.

The Reno-headquartered gaming and hospitality firm, which generates annual revenues in excess of $3bn, said in the filing yesterday that it recently discovered suspicious activity “resulting from a social engineering attack on an outsourced IT support vendor.”

The firm subsequently activated its incident response protocols and notified the relevant authorities.

“As a result of our investigation, on September 7, 2023, we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database,” it continued.

“We are still investigating the extent of any additional personal or otherwise sensitive information contained in the files acquired by the unauthorized actor. We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorized actor.”

A Bloomberg report identified the threat group as Scattered Spider (aka UNC3944/oktapus) and added that Caesars had paid $15m to its extortionists to prevent the data going public.

The firm hinted at a ransom payment in the Form 8-K.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the filing read. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”

Dave Ratner, CEO of HYAS, argued that social engineering is one of the most popular tactics employed by threat actors for initial access, but one of the hardest to tackle.

“Continued user training is needed. However, this must be complemented with defense-in-depth strategies that assume breaches will occur and detect the initial tell-tale signs of a breach – the digital exhaust indicating anomalous activity – so that the attack can be stopped before it expands and impacts operational resiliency,” he added.

Also this week, MGM Resorts International was hit by a suspected ransomware attack which took out its website, online bookings and in-casino services including slot machines and ATMs.
