Caesars Entertainment. has disclosed a data breach, which resulted in compromised personal information belonging to a “significant” number of customers.
Reno, Nevada-based Caesars is a major hotel and casino operator. It runs more than 50 properties worldwide and generated $10.8 billion in net revenue during its most recent fiscal year.
According to the filing, Caesars detected the breach earlier this month after spotting suspicious activity in its internal network. An investigation determined that hackers “acquired a copy of, among other data, our loyalty program database,” the company detailed.
The breach comprised information belonging to a significant number of loyalty program members. The stolen data included driver’s license numbers and Social Security numbers.
Caesars is currently investigating whether the hackers may have stolen additional information and said there’s no indication that loyalty members’ account information, passwords, or payment card details were accessed. Caesars added that the breach didn’t affect customer-facing operations across its properties and gaming applications.
The company has hired multiple cybersecurity firms to help it respond to the incident and notified the authorities. It has noted that members of Caesars’ loyalty program will receive access to credit monitoring and identity theft protection services. The company said that it plans to notify customers whose information was stolen in the breach.
Caesars shared a number of additional details about the breach in its regulatory filing. The company stated that it was a social engineering attack, a type of cyberattack in which hackers trick employees into giving them access to the corporate network. The social engineering attack didn’t target Caesars itself but rather an outsourced IT support vendor.
According to a Reuters report that attributes the attack, citing sources familiar with the matter, the Scattered Spider ransomware group is believed to be made up of young adults in the US and UK. The group is known for using social engineering schemes to trick users into handing over their login credentials and is tracked as an affiliate for the BlackCat/ALPHV ransomware.
Scattered Spider (aka Roasted 0ktapus) leverages a combination of credential phishing and social engineering to capture OTP codes, or it overwhelms targets using MFA notification fatigue tactics, Having obtained access, the adversary avoids using unique malware, instead favoring a wide range of legitimate remote management tools to maintain persistent access.