Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down
LAS VEGAS (AP) — Casino company Caesars Entertainment on Thursday joined Las Vegas gambling rival MGM Resorts International in reporting that it was hit by a cyberattack, but added in a report to federal regulators that its casino and online operations were not disrupted.
The Reno-based publicly traded company told the federal Securities and Exchange Commission that it could not guarantee that personal information about tens of millions of customers was secure following a data breach Sept. 7 that may have exposed driver’s license and Social Security numbers of loyalty rewards members.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor,” the company said, “although we cannot guarantee this result.”
Brett Callow, threat analyst for the New Zealand-based cybersecurity firm Emsisoft, said it was not clear if a ransom was paid or who was responsible for the intrusion — and for the attack reported Monday by MGM Resorts.
“Unofficially, we saw a group called Scattered Spider claimed responsibility,” Callow said. “They appear to be native English speakers under the umbrella of a Russia-based operation called ALPHV or BlackCat.”
Scattered Spider also is known as UNC3944, said Charles Carmakal, chief technical officer at cybersecurity firm Mandiant. He called the group “incredibly disruptive and aggressive” in recent targeting of hospitality and entertainment organizations.
“They leverage tradecraft that is challenging for many organizations with mature security programs to defend against,” Carmakal said in a statement.
Mandiant said in a blog analysis published Thursday the group uses SMS text phishing and phone calls to help desks to attempt to obtain password resets or multifactor bypass codes.
“This relatively new entrant in the ransomware industry has hit at least 100 organizations, most of them in the U.S. and Canada,” Mandiant said.
Caesars is the largest casino owner in the world, with more than 65 million Caesars Rewards members and properties in 18 states and Canada under the Caesars, Harrah’s, Horseshoe and Eldorado brands. It also has mobile and online operations and sports betting. Company officials did not respond to emailed questions from The Associated Press.
The company told the SEC that loyalty program customers were being offered credit monitoring and identity theft protection.
There was no evidence the intruder obtained member passwords or bank account and payment card information, the company reported, adding that operations at casinos and online “have not been impacted by this incident and continue without disruption.”
The disclosure by Caesars came after MGM Resorts International, the largest casino company in Las Vegas, reported publicly on Monday that a cyberattack that it detected Sunday led it to shut down computer systems at its properties across the U.S. to protect data.
Source: AP News