Caesars Entertainment Inc.
CZR,
disclosed Thursday that it has recently identified “suspicious activity” in its information technology network resulting from a “social engineering attack” on an outsourced IT support vendor. The casino operator said it determined that the cyber attacker acquired a copy of its loyalty program database, which includes driver’s license numbers and/or social security number for “a significant number” of members. “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said. The company said it has incurred, and may continue to incur, certain expenses related to the attack, including expenses to respond to, remediate and investigate the matter. The disclosure comes after The Wall Street Journal reported that Caesars paid roughly half of the $30 million the attackers demanded from the attack, which reports first surfaced over the weekend. the Separately, fellow casino operator MGM Resorts International
MGM,
said Thursday it was still working to resolve a cybersecurity issue. Caesars’ stock rose 0.9% in premarket trading, after falling 4.7% week to date through Wednesday.
