The Las Vegas Strip is in the throes of an escalating cyber crisis. Merely a couple of days following MGM Resorts International’s confirmation of a cyber attack, it appears that its competitor, Caesars Entertainment, is set to reveal to investors its own ordeal involving a ransomware assault.
In a recent report, anonymous sources who are well-acquainted with this incident informed Bloomberg about a digital intrusion carried out by a hacking collective called Scatter Spider, also known as UNC 3944. This group reportedly targeted Caesars with a ransomware attack and successfully blackmailed the casino giant into surrendering an undisclosed sum. Speculations are rampant on X (formerly Twitter) suggesting the likelihood of the ransom amounting to around $30 million or even more, paid by the owner of Harrah’s.
Recently put into effect by the Securities and Exchange Commission (SEC), a ruling mandates publicly listed companies to inform investors about any significant occurrences, such as cyber ransoms that can financially impact them. Such disclosures are to be made via the Item 1.05 Form 8-K, which Caesars is projected to file in the near future. The most recent SEC filing by Caesars dates back to August 25, as per the commission’s website. However, efforts to approach the casino company for a comment prior to the publication of this news report proved to be unsuccessful.
MGM, so far, has not verified claims of it being a victim of a ransomware invasion. Nonetheless, experts in the domain of cybersecurity speculate that the recent disruption of the company’s operations could bear traces of a ransomware breach.
The casino behemoth MGM’s alleged cyber breach reportedly took place when an imposter impersonating a staff member was successful in acquiring the company’s IT credentials. On the other hand, Scatter Spider managed to breach Caesars’ firewall by targeting an external vendor associated with them. As suggested by Bloomberg, Scatter Spider’s infiltration into Caesars’ system began on August 27.
Las Vegas Strip’s largest operators, MGM and Caesars, who also have an extensive distribution of regional casinos across the US, are now both grappling with cyber woes.
Although neither Caesars has publicly disclosed the financial loss caused by the cyber attack nor MGM has confirmed a ransomware scenario, the financial ramifications could affect investors in both firms. MGM’s breach was referred to as a “credit negative” event by Moody’s Investors Service in a recent statement to clients. While MGM’s credit rating remained unaltered, the research firm pointed out that this incident accentuates the precarious risks associated with the company’s heavy reliance on technology, and the potential disruption when systems are non-functional or have to be taken offline.
Added to this, Moody’s expressed concern over the potential revenue loss suffered by MGM during system downtime, the risk to its reputation, and any direct costs related to the ongoing investigation and damage control measures. Furthermore, litigation expenses or potential liabilities related to compromised data pose as added risks for MGM.