Data breach at Caesars Entertainment exposed SSNs and driver’s licenses of loyalty program members

Caesars Entertainment has recently disclosed a security incident that led to the theft of its loyalty program database, making it the second major casino operator in the US hit by a cyberattack this month.

Caesars said in a data breach notice that it had discovered unauthorized access to one of its IT networks “resulting from a social engineering attack on an outside IT support vendor” on Sept. 7.

“Our customer-facing operations, including our physical properties and our online and mobile gaming applications, have not been impacted by this incident and continue without disruption,” Caesars’ 8-K form filed with the US Security and Exchange Commission reads.

Major news outlets have also reported that Caesars allegedly paid $15 million in ransom to cybercriminals (half the threat actors’ initial demand) to prevent the leak of customer info online.

Stolen data includes sensitive personally identifiable information such as Social Security numbers and driver’s license numbers for an undisclosed number of loyalty program members.

“As a result of our investigation, on September 7, 2023, we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database,” Caesars said. “We are still investigating the extent of any additional personal or otherwise sensitive information contained in the files acquired by the unauthorized actor.”

The company added that it has no evidence so far that passwords, PINs or financial information were accessed or stolen during the attack.

The casino chain has also notified law enforcement and said it is continuing to monitor the web for evidence of leaked customer data.

Data breaches are inevitable. You can prepare for the fallout of security incidents or leaks that expose your personal information with Bitdefender Digital Identity Protection.

Our identity protection tool offers 24/7 data breach monitoring and alerts, weekly reports, personalized recommendations, and informative newsletters following scans, including actionable advice about what you should do next to secure your online accounts and digital identity.