Unlike at MGM, Caesars' casino and online operations were not affected, but its Loyalty members were affected by the cyberattack. Caesars told the SEC (Securities and Exchange Commission) that it could not guarantee that personal information from its tens of millions of Loyalty members was secure.
The Las Vegas data breach, which happened on September 7 but was not made known to the public until now, exposed members' US Social Security numbers as well as driver’s license numbers.
It was reported that Caesars paid a US$15 million ransom to the cybercrime group that infiltrated its database system and made the demand. The demand was for US$30 million. This is called a “pinky promise” because there is no way to tell if the hackers actually do delete the stolen information once they receive the ransom payment.
The highest ransom ever paid by a company for a cyberattack is believed to be US$40 million.
It was dished out by CNA Financial, an insurance company, in 2021.
It was unofficially noted that the group called Scattered Spider was claiming responsibility for the cyber breach. The group appears to consist of native English speakers operating under a Russia-based operation called ALPHV or BlackCat.
Loyalty members are being offered identity theft protection and credit monitoring by Caesars. It is believed that other information, such as bank account and payment card information and passwords, was not intercepted.
Cyberattacks in general can take months of recovery efforts. The FBI is investigating the Caesars and MGM attacks.
Cyberattack Recovery Process
Recovering from a cyberattack is a complex and multifaceted process that requires careful planning and execution. Once the attack has been contained, affected systems and data must be restored from secure backups, and all vulnerabilities that were exploited must be patched or fixed before systems are brought back online.
A review of security systems should take place to assess the organization’s cybersecurity measures and make necessary improvements to prevent future attacks. This may include implementing stronger access controls, updating software and hardware, and enhancing employee training.
Transparency is of utmost importance during the process in order to rebuild trust with affected customers. Communication should be ongoing not only with those affected but with employees and stakeholders as well.
When a cyberattack occurs in the United States, legal and regulatory requirements must be met, such as reporting the attack to data protection authorities and notifying those affected, as well as taking appropriate legal action against the cyber attackers.
In the aftermath, the victim company will want to evaluate how well its Incident Response Plan performed during the breach and make updates and revisions for the future well-being of the organization. This should include continuous improvement of data systems monitoring, including detection of potential cyberattack activity.
Recovering from a cyberattack is a challenging and time-consuming process, and it’s essential to take a methodical and thorough approach in order to rebuild the company’s reputation.
All Hail Caesar
Caesars Entertainment is the largest entertainment empire in the world, with 50 destinations around the globe from Nevada to Mississippi to Dubai. It is the product of the joining of two very successful gaming leaders – Caesars Entertainment and Eldorado Resorts – which in 2020 created the largest and most diversified collection of destinations across the US as well as in Dubai.
Caesars Entertainment began in 1937 when Bill Harrah opened Harrah’s Bingo Club in Reno, Nevada. In 1947, Flamingo Hotel & Casino became the first casino on the Las Vegas Strip and by 1973, Harrah’s was the first casino company ever listed on the New York Stock Exchange.
Gaming brands include Caesars Palace, Harrah’s, Horseshoe, Eldorado, Silver Legacy, Circus Circus, Reno, and Tropicana.