Cyber-hackers recently targeted Caesars Entertainment and MGM Resorts International, two of the world’s largest casino companies, with Caesars leaders confirming that they paid a multi-million-dollar ransom after the hackers acquired a “significant number” of their customers’ driver’s licenses and Social Security numbers.
Caesars Entertainment, the world’s largest casino company, confirmed the cybersecurity attack in a September, 14, SEC filing. The company wrote that on September 7, “we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database.”
The Caesars Rewards loyalty program has over 65 million members, according to a National Public Radio report. The company operates ten Las Vegas hotels and resorts, according to its website, including Caesars Palace, Harrah’s Las Vegas, the Flamingo Las Vegas, and Planet Hollywood Resort and Casino.
The cybercrime group behind the attack demanded a $30 million ransom, according to news reports. Caesars Entertainment leaders negotiated and paid the cyber-criminals $15 million.
The FBI discourages paying ransoms to cyber-hackers, saying that it won’t guarantee an organization will get its data back, and it can incentivize more attacks.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the SEC filing says. Caesars Entertainment is offering “credit monitoring and identity theft protection” to its loyalty program members.
Caesars Entertainment leaders said they do not anticipate a material effect on the company’s financial condition. The company’s share price has fallen over $5 since early September.
MGM Resorts International, the largest casino operator on the Las Vegas Strip, also acknowledged this month that it was the victim of cyberattacks. The company issued a press statement on September 12, saying that it “recently identified a cybersecurity issue.” The company filed to the SEC the same day.
Since the beginning of the month, the share price of MGM Resorts International has also fallen by over $5. The company owns the Bellagio, ARIA, the Cosmopolitan, Mandalay Bay, Four Seasons, New York-New York, Luxor, and MGM Grand, among other Las Vegas-based hotels.
David Bradbury, the chief security officer of the identity management company Okta, told Reuters that Caesars and MGM were both targeted by the hacking groups ALPHV and Scattered Spider.