Casino and hotel giant Caesars Entertainment reports compromised driver’s license and social security numbers of loyalty program customers.

Caesars Entertainment, the company operating more than fifty properties, including some of Las Vegas’ most significant landmarks, such as Caesars Palace and Paris Las Vegas, has been hit by a cyber-attack that compromised the sensitive personal information of many loyalty program customers. The incident resulted from a social engineering attack on a third-party IT support vendor hired by the resort giant.

The stolen information includes full names, driver’s licenses, social security numbers, addresses, and other personal information that fraudsters could exploit. According to a report by the Wall Street Journal, Caesars Entertainment paid a big chunk of $30 million ransom to the hackers after they threatened to release the stolen information. There is no evidence that the stolen data has been used to commit crimes, and the number of affected individuals remains unknown.

Caesars Entertainment discovered the attack on September 7th, 2023, and is currently cooperating with authorities to establish the identity of the perpetrators. The resort giant also stated that they have started notifying individuals who might have been affected by the cyber security attack. The victims are being offered credit monitoring and identity theft protection services.

Those caught in the spider’s web

Caesars Entertainment and all its high-profile properties on the Las Vegas Strip are not the only ones affected by hackers. Sin City generated interest among cybercriminals as another entertainment giant reported a similar incident. Bad actors also crippled MGM.

The cybercriminals responsible for the incident are either from ALPHV, also often referred to as Black Cat, or an organization called Scattered Spider. The attack was noticed by MDM on September 10th after doors and elevators in MGM facilities became unusable, as well as slot machines and ATMs.

MGM was forced to shut down computer systems for days, causing inconvenience to both employees and customers. Currently, there is no information on how the attack happened and if it is related to the attack on Caesars Entertainment.

The FBI is investigating the incident, and CISA is working with MGM to understand the impact of the cyber security breach, as currently, it is unknown what the hackers managed to steal from the entertainment giant. MGM’s official website was not operational for days.

Hackers might go after other high-profile players in Las Vegas, including Hard Rock International and Vici Properties, the organizations behind other Las Vegas landmarks, such as The Mirage, Luxor, and Hard Rock Hotel and Casino. However, neither Vici Properties nor Hard Rock International reported any recent cyber incidents.