Data from parent of Indiana casinos stolen in cyberattack
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
The parent of several Indiana casinos said Thursday that cyber criminals stole personal information from a “significant number” of members of its loyalty club program.
In a filing with the U.S. Securities and Exchange Commission, Caesars Entertainment Inc. said information including driver’s license numbers and/or Social Security numbers of its Caesars Rewards program were stolen.
Caesars Entertainment operates Horseshoe Hammond Casino, Harrah’s Hoosier Park in Anderson, Horseshoe Indianapolis in Shelbyville, and Caesars Southern Indiana in Harrison County.
“We are still investigating the extent of any additional personal or otherwise sensitive information contained in the files acquired by the unauthorized actor,” the company said in the SEC filing. “We have no evidence to date that any member passwords/PINs, bank account information, or payment card information were acquired by the unauthorized actor.”
The company, headquartered in Reno, Nevada, also said its customer-facing operations, including physical properties and its online and mobile gaming applications, were not impacted by the breach.
Caesars said the breach was the result of a “social engineering attack” on an outsourced IT vendor used by the company. Additionally, the company said it has “taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”
According to Bloomberg News, Caesars paid tens of millions of dollars to the group behind the attack known as Scattered Spider or UNC 3944, according to sources.
“While no company can ever eliminate the risk of a cyberattack, we believe we have taken appropriate steps, working with industry-leading third-party IT advisors, to harden our systems to protect against future incidents. These efforts are ongoing,” the company said in the filing. “We have also taken steps to ensure that the specific outsourced IT support vendor involved in this matter has implemented corrective measures to protect against future attacks that could pose a threat to our systems.”
Caesars has set up an incident response line to answer questions about the incident, which is open Monday through Friday from 9 a.m. to 9 p.m. at (888) 652-1580. The company is also offering credit monitoring and theft protection services to all members of its loyalty program.