Security News > 2023 > September > Caesars says cyber-crooks stole customer data as MGM casino outage drags on
Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "Significant number" of its loyalty program members, in a social engineering attack earlier this month.
It's also reported the arachnid crew hit both Caesars and MGM Resorts, though reps for Scattered Spider, also known as 0ktapus, claimed they only hit MGM and had nothing to do with the Caesars raid.
In an 8-K form submitted late last week to the SEC, America's financial watchdog, Caesars - which owns more than 50 resorts and casinos in Las Vegas and 18 other US states - disclosed the theft of its customer database, which it blamed on "a social engineering attack on an outsourced IT support vendor."
The Register asked Caesars to clarify what specific steps were taken, among other questions about the fiasco: who is the unnamed IT outsourcer? Who was behind the break-in? Did those crooks demand a ransom and if so, how much, and was it paid?
Vital Vegas updated its coverage of the affair later that day to report Caesars paid $15 million to the extortionists, down from a $30 million demand, citing unnamed sources: "We are not making this up. Caesars talked them down like an episode of 'Pawn Stars.'".
As the mass outage across MGM Resorts enters its fourth day, that Las Vegas casino and hotel behemoth issued a second statement about its ongoing "Cybersecurity issue."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/09/14/caesars_mgm_hacks/