Caesars Entertainment Falls Victim to Cyber Attack, Confidential Customer Data Exposed


Renowned gaming entity, Caesars Entertainment, has confirmed that it was recently ensnared in a cyber attack, which led to bad actors honing in on its customer reward database among other data repositories maintained by the company.

In an official 8-K documentation filed with the Securities and Exchange Commission (SEC), Caesars has validated circulating rumors of facing a cyber security threat, transpiring on the heels of a similar incident involving its rival, MGM Resorts International. Rumor mills have suggested a payout amount of $30 million to the hacker group ‘Scattered Spider’ or UNC 3944 by Caesars. The casino operator, however, neither confirmed the payout amount nor named the malicious party in its filing but hinted at costs possibly spent toward countering the breach.

According to the SEC filing, “Certain expenses related to this attack have been and may continue to be, incurred, including costs associated with the response, remediation, and investigation into this issue.” The full extent of the associated costs and resulting effects from this incident, particularly those compensated by cybersecurity insurance or potential indemnification claims against third parties, remain undetermined.

Caesars’ Rewards, with its staggering 65-million member base, enjoys the status of being the largest loyalty program in the gaming industry, making it an attractive target for cyber criminals.

The regulatory filing asserts that the infiltrators managed to gain access to confidential data, including social security numbers and driver’s license details of a significant number of members. However, caesars reassured that there are no indications, so far, reflecting that the hackers acquired member PINs, payment card numbers, or bank account information.

Post the cyber attack, the gaming company has taken measures to eradicate the stolen data from unauthorized access; although absolute assurance of such a feat cannot be guaranteed, according to the disclosure. To safeguard customer interests, Caesars is offering free credit monitoring services to its members.

Despite the costly blow of an assumed $30 million, a significant amount by any measure, but comparably minor considering the gaming company’s market value of $11.27 billion, Caesars does not consider the ransomware attack ‘material.’ Regulatory obligations necessitate the disclosure of such incidents, and while the full spectrum of Caesars’ ordeal is yet to be transparent, it does not expect the hack to have a lingering negative impact on the company’s financial standing and future operations. Caesars stated in its regulatory document, “The full impact of this incident on guest behavior, including any potential negative impact on our financial state and operational results in the future, remains unpredictable at this time. However, we currently do not anticipate it causing a material effect on our financial and operational outcomes.”


Please enter your comment!
Please enter your name here