Casino Operators Caesars and MGM Still Reeling From Cyber Attacks

Caesars confirms breach of its loyalty program database; MGM website and operations at many properties remain down.

An abstract, blurred lights image of the interior of a casino.
(Image credit: Yana Iskayeva, Getty Images)

Casino operators Caesars Entertainment and MGM Resorts are working with law enforcement investigators as they continue to grapple with the impact of recent separate cyber attacks.

The cybersecurity breaches were reported within days of each other and follow several other high-profile cyber attacks in several industries. These include hacks of a third-party database serving Johnson & Johnson’s Janssen CarePath; a data file sharing service that affected millions including recipients of Medicare; and of a cloud-storage environment related to online password management service LastPass.

In a Sept. 14 Securities and Exchange Commission (SEC) filing, Caesars said that it is still investigating the scope of the breach but that on Sept. 7 an unauthorized actor acquired a copy of its loyalty program database, including information such as driver’s license numbers and/or social security numbers for a “significant number” of members.

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

“We have no evidence to date that any member passwords/PINs, bank account information or payment card information were acquired by the unauthorized actor,” Caesar said in the filing. The company said it will notify those affected by the breach on a rolling basis in the coming weeks.

The company said it recently identified suspicious activity in its information technology (IT) network resulting from a social engineering attack on an outsourced IT support vendor that it used. Caesars said its customer-facing operations including physical properties and online and mobile gaming applications were affected by the breach but that they continue without disruption.

Certain MGM properties closed following attack

At MGM, meanwhile, certain systems at properties nationwide remain shuttered following a cyber attack publicly revealed on Sept. 12. In a statement, the casino operator said it is taking steps to protect its systems and data including shutting down certain systems.

MGM’s shut down included its reservation systems, booking systems, hotel electronic key card systems and the casino floors, according to a CNBC report.

“We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” MGM posted on on Sept. 14.

The website was a static webpage as of noon on Sept. 14, but it directed users to download the MGM Rewards app for restaurant options and reservations; to visit to reserve a show or attraction; or visit to buy tickets for UFC, Las Vegas Aces, Vegas Golden Knights or concerts.

MGM also said it is waiving change and cancellation fees for hotel reservations for those arriving Sept. 13-17.

Caesars is offering free credit monitoring and identity theft protection services to all loyalty program members. To sign up, call (888) 652-1580 Monday through Friday except on holidays.

Caesars also set up a website to address frequently asked questions about the incident.


Senior News Editor

Esther D’Amico is Kiplinger’s senior news editor. A long-time antitrust and congressional affairs journalist, Esther has covered a range of beats including infrastructure, climate change and the industrial chemicals sector. She previously served as chief correspondent for a financial news service where she chronicled debates in and out of Congress, the Department of Justice, the Federal Trade Commission and the Commerce Department with a particular focus on large mergers and acquisitions. She holds a bachelor’s degree in journalism and in English.

With contributions from