Caesars Entertainment has announced that many members of its loyalty program may have had their personal information stolen during a recent cyberattack.
According to a company statement, August’s cyberattack, which targeted an IT support vendor, resulted in hackers accessing customers’ personal information in Caesars’ loyalty program database.
The information included loyalty members’ names, social security numbers, ID numbers and dates of birth. However, the company noted that account PIN numbers and passwords remained secure while no payment details such as credit/debit card numbers or bank account information was stolen.
A clean-up operation is currently underway with all stolen data set to be deleted in due course. Caesars also stated that there was no evidence to suggest that the stolen information was used or shared.
Following the cyberattack, Caesars has offered two years of IDX identity theft protection services to any loyalty members who were affected by the hack or who have concerns over their personal information.
The company also asked that its loyalty program members stay alert and report anything suspicious in their account statements.
Data Compromised Despite Ransom Payout
When the first reports of the cyberattack emerged, it was revealed that Caesars allegedly paid out a ransom to the hacking group before the event was made public. A report by Bloomberg suggested that the hotel and casino operator paid as much as $30 million (€27.9 million) to hackers.
At the time of the reports, it was believed that no personal information was stolen during the attack given that a ransom was paid.
Caesars and MGM Face Lawsuits
MGM Resorts International was also the subject of a cyberattack that resulted in a company-wide systems shutdown. Reports last week revealed that the company expects losses relating to the hack to reach around $100 million (€94.8 million).
As a result of the cyberattacks on both Caesars, at least five lawsuits have been filed in US courts. The lawsuits allege that the companies failed to provide sufficient protection for customers’ personal and financial information.
The lawsuits also allege that both Caesars and MGM failed let customers know if their data was compromised during the attacks.
An experienced iGaming commentator and analyst based in New York City - Jenny reports on regulation and gambling industry news and events.