Caesars Entertainment, the second major casino operator targeted in cyberattack.
Cyberattacks Hit Major Las Vegas Hotels and Casinos
OAN’s Elizabeth Volberding
3:20 PM – Thursday, September 14, 2023
After a cyberattack struck MGM Resorts on Sunday, including its Las Vegas gaming giant properties such as the Bellagio and the MGM Grand, Caesars Entertainment claimed that it was also a target of a cyberattack.
On Thursday, Caesars announced in a Securities and Exchange Commission (SEC) filing that hackers had gained access to “a significant number” of customer information and Social Security numbers of those registered for the Caesars loyalty program.
“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network,” Caesars said in the filing.
According to people familiar with the situation, hackers utilized a social engineering technique in which a person posing as an employee contacted the company’s Information Technology (IT) help line to request a password change.
Caesars stated that the incident resulted from a social engineering attack on a vendor who provided outsourced IT support, but it didn’t elaborate on “the unauthorized actor” who was responsible for it. Additionally, Caesars stated that there is no evidence that passwords, payment or bank account information was accessed.
This makes Caesars Entertainment the second major Las Vegas hotel and casino operator to disclose that it had been hacked in recent days.
Furthermore, Caesars’ announcement regarding the cyberattacks came after MGM Resorts, which is the biggest operator on the Las Vegas Strip, responded to its own cybersecurity incident. MGM is still recovering from a cyber attack that occurred on Sunday which led to important services such as reservations, booking, and even some casino operations being unavailable.
MGM explained that the “cybersecurity issue” on Sunday prompted the company to shut down “certain systems.” Slot machines, sports-betting kiosks, digital keys for hotel rooms, online reservations and credit-card transactions were shut down.
As a result, MGM managed its resorts with backup procedures. The protocols included some properties checking guests in with pen and paper and paying out of slot machine wins manually.
“We continue to work diligently to resolve our cybersecurity issues while addressing individual guest needs promptly,” MGM Resorts said a statement on Thursday. “We couldn’t do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience.”
“It was kind of chaotic,” Las Vegas visitor Walter Haywood said to KTNV. “The machines wouldn’t take our ticket. Lines everywhere. Just chaos.”
Unlike MGM, Caesars had not yet dealt with public service outages being hacked until recently.
Caesars shared that it had “taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”
Additionally, the company said that it had not seen evidence that data accessed in the cyberattack has been published or misused so far. Participants in the company’s loyalty program will receive credit that monitors and identifies theft protection. Caesars is planning to alert customers affected in the coming weeks.
Hotels and casinos have the potential to be profitable targets for hackers due to the large amount of personal and financial data that they can gather from customers. Such attacks present a challenging decision for victims: possibly dealing with the fallout from disclosures or destructive cyberattacks, or giving money to cybercriminals and trusting them to retreat.
Ultimately, the SEC created rules that require companies to report cybersecurity events within four days of being deemed material to their business which will go into effect in December.
Stay informed! Receive breaking news blasts directly to your inbox for free. Subscribe here. https://www.oann.com/alerts
What containment and remediation measures did MGM Resorts implement to address the cyberattack?
Quote”>
“Our technical teams acted swiftly to implement a series of containment and remediation measures to address the issue and successfully bring the impacted systems back online,” MGM Resorts said in a statement. “At this time, our investigation has not uncovered any evidence that guest or employee data was accessed or exfiltrated.”
While MGM Resorts did not disclose the specifics of the cyberattack, experts speculate that it was a ransomware attack, a type of malicious software used by hackers to encrypt a victim’s data and demand payment in exchange for its release.
The recent cyberattacks on major Las Vegas hotels and casinos highlight the increasing vulnerability of the hospitality industry to cyber threats. With a vast amount of customer data, including personal information and financial details, stored across various systems, hackers see the industry as a lucrative target.
According to cybersecurity experts, the hospitality industry faces unique challenges when it comes to cybersecurity. The reliance on multiple interconnected systems, such as hotel reservation systems, point-of-sale systems, and customer loyalty databases, creates numerous entry points for attackers.
Furthermore, the industry is known for its high turnover rates and reliance on third-party vendors for various services, making it difficult to enforce consistent cybersecurity protocols across different entities.
As the frequency and sophistication of cyberattacks continue to rise, it is imperative for hotels and casinos to prioritize cybersecurity measures. This includes regularly updating and patching software, implementing robust network security measures, conducting regular security audits, and providing comprehensive cybersecurity training for employees.
Additionally, industry-wide collaboration and information sharing can play a crucial role in preventing and mitigating cyberattacks. By sharing knowledge and best practices, hotels and casinos can stay ahead of emerging threats and better protect their systems and customers.
Ultimately, the cyberattacks on major Las Vegas hotels and casinos serve as a wake-up call for the entire hospitality industry. The stakes are high, and the risks are real. Investing in robust cybersecurity measures is not only a matter of protecting business operations and customer trust but also a necessary step in safeguarding sensitive personal information.
As the industry rebuilds and recovers from these recent attacks, it must take proactive steps to fortify its defenses and establish a culture of cybersecurity. Only then can hotels and casinos provide their customers with the peace of mind they deserve when entrusting their personal and financial information.
The threat of cyberattacks is an ongoing battle, but with vigilance, collaboration, and a commitment to cybersecurity, the hospitality industry can strengthen its resilience and ensure a safer digital future for all.
" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
