Ransomware Hackers Pull Off Another Casino Heist Making Away With Millions Of Dollars
In an SEC (Securities and Exchange Commission) filing, Caesar Entertainment officially disclosed a cyberattack that penetrated its database and that an "unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database". The hackers thus demanded $30 million from Caesars, otherwise the stolen information would be sold online.
The "unauthorized actor" in question is suspected to be a hacker group called Scattered Spider (a.k.a. UNC 3944). Its members are mostly based in the US and UK, comprised of young adults, some reported as young as 19 years old. In this case, the group began the attack last month (reported around August 27), though not at Caesars right away but through an outside IT vendor. Utilizing social engineering manipulation, the hackers were then able to breach Caesars' systems.
According to the
This attack is alarming in that the disclosure comes after another incident with MGM Resorts International earlier this week, and likely exposes specific vulnerabilities common within hospitality businesses.