On Thursday, casino giant Caesars Entertainment (CZR.O) confirmed a data breach that led to a leak of information, including details from its loyalty program database. The company said hackers accessed details, including driver’s license numbers and possibly social security numbers, for a “significant number” of members in the database.
The information was allegedly leaked to an unnamed website, and the company has been working with the site to remove it from access. It also has been communicating with affected guests to offer them identity protection services.
While there’s no way to know how many customers are affected, the company did say it was a small percentage of its total loyalty member base. That’s important because data breaches can have serious real-world implications for those whose information is released. In addition to identity theft, it can lead to financial losses or diminished trust in brands that share sensitive data.
The company said the attack began when hackers exploited a weakness in a third-party vendor, allowing them to gain access to its systems. The attackers then used the vulnerability to access its internal databases and files. Among other things, they gained access to customer and employee records and a list of the companies that have purchased its rewards points.
According to reports, the hackers demanded a sum in crypto and threatened to release the information unless a ransom was paid. The sum Caesars reportedly paid to the hackers is not yet public knowledge, but it’s likely to be disclosed in an upcoming SEC filing.
This comes after reports that MGM Resorts International was hacked by the same group of hackers that breached Caesars. MGM’s shares dropped nearly 5% on Wednesday, and Moody’s warned the attack could cause the credit rating agency to downgrade the company’s debt.
MGM says it was hacked by the same group that attacked Caesars, and it’s still investigating the incident. It didn’t disclose how much it was hacked for, and it’s unclear which systems were breached.
Experts say that hackers are targeting casinos more than ever, as the gaming industry is seen as a lucrative target by criminals. The industry is prone to these attacks because it uses lots of personal information to reward loyal customers. The data is usually stored in a central database or network that cybercriminals can access.
A research report by Recorded Future last year found that the hospitality industry was one of the most targeted industries for data breaches. The report’s authors say the most common attack against hospitality and leisure firms involves ransomware, where hackers encrypt files and demand payment to decrypt them. The researchers noted that casinos should be on high alert because they are especially vulnerable to such attacks. “Casinos should ensure their IT infrastructure is hardened against these threats,” the authors concluded. They recommend that the industry adopt best practices, such as implementing two-factor authentication for employees and separating its business and IT networks.