The attack appeared to come days before the massive MGM Resorts breach, also attributed to social engineering.
“Caesars Entertainment, Inc. (the “Company,” “we,” or “our”) recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company. Our customer-facing operations, including our physical properties and our online and mobile gaming applications, have not been impacted by this incident and continue without disruption.” The information comes in a public 8K filing, now required by the SEC for public companies. Read more about the SEC rules here.
Caesars said the compromise involved driver’s license and social security info on members of its loyalty program.
The company also implied it was paying a ransom: “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”