Hackers obtain Caesars Rewards database, including many customer SSNs

Binary code and the word hacked
Image: Shutterstock

MGM Resorts is not the only major US casino company hit by a cyberattack this month. According to a new SEC 8K filing from Caesars Entertainment, it too was hacked and customer data has been compromised as a result.

In a Sept. 14 filing, Caesars said the company recognized some suspicious activity after hackers attacked an outside IT vendor used by Caesars. Upon detecting the compromise, Caesars, “activated incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network.”

The company also consulted with cybersecurity experts to determine the extent of what was compromised.

It appears hackers obtained a copy of the company’s Caesars Rewards database, including the driver’s license numbers and Social Security numbers of many patrons. Accordingly, the company is offering free credit monitoring and fraud protection services for all Caesars Rewards members. Impacted customers will also be notified.

Online chatter suggested that, like MGM, Caesars was attacked but, unlike MGM, quickly agreed to pay a ransom in exchange for being able to stay online and operational. No one has an exact number, but the ballpark of the ransom was in the range of “tens of millions of dollars.”

Meanwhile, MGM is entering its third day of disruption related to its cyberattack. The company issued a statement on Thursday morning:

“We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly. We couldn’t do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience.”