Joey Solitro
Casino operators Caesars Entertainment and MGM Resorts are working with law enforcement investigators as they continue to grapple with the impact of recent separate cyber attacks.
The cybersecurity breaches were reported within days of each other and follow several other high-profile cyber attacks in several industries. These include hacks of a third-party database serving Johnson & Johnson’s Janssen CarePath; a data file sharing service that affected millions including recipients of Medicare; and of a cloud-storage environment related to online password management service LastPass.
In a Sept. 14 Securities and Exchange Commission (SEC) filing, Caesars said that it is still investigating the scope of the breach but that on Sept. 7 an unauthorized actor acquired a copy of its loyalty program database, including information such as driver’s license numbers and/or social security numbers for a “significant number” of members.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
“We have no evidence to date that any member passwords/PINs, bank account information or payment card information were acquired by the unauthorized actor,” Caesar said in the filing. The company said it will notify those affected by the breach on a rolling basis in the coming weeks.
The company said it recently identified suspicious activity in its information technology (IT) network resulting from a social engineering attack on an outsourced IT support vendor that it used. Caesars said its customer-facing operations including physical properties and online and mobile gaming applications were affected by the breach but that they continue without disruption.
Certain MGM properties closed following attack
At MGM, meanwhile, certain systems at properties nationwide remain shuttered following a cyber attack publicly revealed on Sept. 12. In a statement, the casino operator said it is taking steps to protect its systems and data including shutting down certain systems.
MGM’s shut down included its reservation systems, booking systems, hotel electronic key card systems and the casino floors, according to a CNBC report.
“We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” MGM posted on X.com on Sept. 14.
The MGMResorts.com website was a static webpage as of noon on Sept. 14, but it directed users to download the MGM Rewards app for restaurant options and reservations; to visit Ticketmaster.com to reserve a show or attraction; or visit AXS.com to buy tickets for UFC, Las Vegas Aces, Vegas Golden Knights or concerts.
MGM also said it is waiving change and cancellation fees for hotel reservations for those arriving Sept. 13-17.
Caesars is offering free credit monitoring and identity theft protection services to all loyalty program members. To sign up, call (888) 652-1580 Monday through Friday except on holidays.
Caesars also set up a website to address frequently asked questions about the incident.
RELATED CONTENT
-
AI Appliances Aren’t Exciting Buyers…YetThe Kiplinger Letter Artificial intelligence is being embedded into all sorts of appliances. Now sellers need to get customers to care about AI-powered laundry.
-
Ask the Editor: IRAs, 401(k)s and RMDsAsk the Editor In this week's Ask the Editor Q&A, Joy Taylor answers questions on IRAs, 401(k)s and required minimum distributions
-
Got $100 to Gamble? These Penny Stocks Could Be Worth the RideVolatile penny stocks are high-risk plays with potentially high rewards. If you have $100 you can afford to lose, these three names are worth a look.
