Caesars: Driver’s license, Social Security data of loyalty members stolen in cyberattack

Hotel Room Barricade at Caesars Palace

Steve Marcus

An exterior view of the porte cochere at Caesars Palace Tuesday, July 11, 2023.

Data from members in the loyalty program at Caesars Entertainment was compromised this month when an unauthorized actor acquired a copy of the program’s database, including the driver’s license and Social Security numbers of members, the resort said in a report to the Securities and Exchange Commission.

“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network,” officials wrote in the report, which was released today. The attack happened Sept. 7, they said.

“We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators,” the company said.

Caesars paid a roughly $30 million ransom to hackers, the Wall Street Journal reported Wednesday. The report with the Securities and Exchange Commission doesn’t mention a ransom payment.

Caesars has properties up and down the Las Vegas Strip, including Caesars Palace, Horseshoe, Harrah’s, Planet Hollywood, Paris, Flamingo and Linq.

Caesars said it “identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the company.” The company said its customer-facing operation — both in-person and mobile gaming applications — weren’t impacted.

This is the second reported cybersecurity attack on a prominent Las Vegas resort company this week. MGM Resorts International wasn’t as fortunate with the disruptions to its operations.

The attack resulted in a shutdown that prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.

Some visitors to its properties still weren’t able to access their rooms digitally as of Wednesday, relying on staff to provide physical keys.