Caesars Entertainment cyberattack traced to outsourced IT partner
NEVADA, UNITED STATES — Hotel and casino giant Caesars Entertainment confirmed a cyberattack last Thursday, September 7, tracing the origin to a security lapse in their outsourced IT support vendor.
The casino operator detected unusual activity in their IT network due to a social engineering attack on this external vendor.
Although customer-facing operations, both physical and digital, remain uninterrupted, the breach did expose sensitive data. An unauthorized actor accessed information, including loyalty program details such as driver’s license and social security numbers.
A representative from Caesars Entertainment said that the firm quickly activated their incident response protocols after detecting the issue. Financial information like customer passwords, PINs, or payment details was reportedly not compromised.
The casino company incurred expenses for containment and investigation, the extent of which is yet to be determined. Caesars also declined to comment on whether a ransom was paid to the hackers.
In a statement, the hacking group Scattered Spiders — also known as Roasted 0ktapus — claimed responsibility for the attack, stealing six terabytes of data in a coordinated assault on Caesars Entertainment and MGM Resorts International.
Earlier this year, TechCrunch reported that the Scattered Spiders group targets Business Process Outsourcing (BPO) companies as a gateway to infiltrate larger, more fortified organizations.
