Pierluigi Paganini September 15, 2023

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion.

Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company also owns and operates a number of other businesses, including a golf course management company, a travel agency, and a marketing firm.

Recently the company suffered a ransomware attack and threat actors have stolen the personal information of a large number of people. The stolen data also includes driver’s license numbers and/or social security numbers.

The intrusion resulted from a social engineering attack on a third-party IT support vendor used by Caesars Entertainment. The casino-entertainment firm launched an investigation into the incident with the help of leading cybersecurity firms.

The company pointed out that customer-facing operations, including physical properties and online and mobile gaming applications, have not been impacted by this security breach.

“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network. We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators.” reads the 8-K filing. “As a result of our investigation, on September 7, 2023, we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database.”

The investigation is still ongoing to determine the extent of security incident. The company has no evidence that any member passwords/PINs, bank account information, or payment card information (PCI) were stolen by attackers.

The FORM 8-K report states that Caesars Entertainment has taken steps to ensure that the stolen data is deleted by the ransomware gang.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused” continues the report.

This means that the company opted to pay the ransom as confirmed by the Wall Street Journal, which states that the casino entertainment company paid roughly $15 million, half of the initial ransom demand of $30 million.

Over the weekend, another hospitality and entertainment company, MGM Resorts, was the victim of a cyber attack, its IT infrastructure across the United States was shut down.

The incident was discovered on Sunday and affected hotel reservation systems in the United States and other IT systems that run the casino floors

An affiliate of the BlackCat ransomware group gang has taken credit for the cyberattack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)