Casino operators Caesars Entertainment and MGM Resorts are working with law enforcement investigators as they continue to grapple with the impact of recent separate cyber attacks.
The cybersecurity breaches were reported within days of each other and follow several other high-profile cyber attacks in several industries. These include hacks of a third-party database serving Johnson & Johnson’s Janssen CarePath; a data file sharing service that affected millions including recipients of Medicare; and of a cloud-storage environment related to online password management service LastPass.
In a Sept. 14 Securities and Exchange Commission (SEC) filing, Caesars said that it is still investigating the scope of the breach but that on Sept. 7 an unauthorized actor acquired a copy of its loyalty program database, including information such as driver’s license numbers and/or social security numbers for a “significant number” of members.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
“We have no evidence to date that any member passwords/PINs, bank account information or payment card information were acquired by the unauthorized actor,” Caesar said in the filing. The company said it will notify those affected by the breach on a rolling basis in the coming weeks.
The company said it recently identified suspicious activity in its information technology (IT) network resulting from a social engineering attack on an outsourced IT support vendor that it used. Caesars said its customer-facing operations including physical properties and online and mobile gaming applications were affected by the breach but that they continue without disruption.
Certain MGM properties closed following attack
At MGM, meanwhile, certain systems at properties nationwide remain shuttered following a cyber attack publicly revealed on Sept. 12. In a statement, the casino operator said it is taking steps to protect its systems and data including shutting down certain systems.
MGM’s shut down included its reservation systems, booking systems, hotel electronic key card systems and the casino floors, according to a CNBC report.
“We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” MGM posted on X.com on Sept. 14.
The MGMResorts.com website was a static webpage as of noon on Sept. 14, but it directed users to download the MGM Rewards app for restaurant options and reservations; to visit Ticketmaster.com to reserve a show or attraction; or visit AXS.com to buy tickets for UFC, Las Vegas Aces, Vegas Golden Knights or concerts.
MGM also said it is waiving change and cancellation fees for hotel reservations for those arriving Sept. 13-17.
Caesars is offering free credit monitoring and identity theft protection services to all loyalty program members. To sign up, call (888) 652-1580 Monday through Friday except on holidays.
Caesars also set up a website to address frequently asked questions about the incident.
RELATED CONTENT
