Cyberwarfare is everywhere and Caesars Sportsbook just became its most recent casualty, as did those Rewards members whose information could now be compromised.
Technically, Caesars’ database wasn’t hacked directly. Rather, a third-party vendor opened a door, and a nefarious hacking group known as Scattered Spider or UNC3944 used a social engineering tool to exploit the security breach and steal the information of an untold number of Caesars Rewards customers.
On September 7th, an unauthorized user gained access, and the irregular activity that followed included the copying of data from the Caesars Rewards loyalty program and other information.
The company’s 8-K filing stated, “We determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database.”
The information breach could have included as many as 65 million Caesars Rewards customers, but it doesn’t appear that any bank records, credit card information, PINs, or passwords were exposed in the cyberstrike.
Caesars Pays Up
The crime was reported in Caesars’ 8-K filing to the Securities and Exchange Commission (SEC) and, if you believe the rumors, the hackers initially asked for a reported $30 million to delete the information.
A source at Bloomberg, via a Yahoo Finance post, stated that Caesars negotiated the ransom to $15 million in exchange for a promise that the information would be deleted by the hackers. At first blush, this seems like an awful lot of money to pay for a promise with no guarantees that the bad actors will honor their commitment in exchange for the money.
However, the only way to ensure that victims of cyberattacks pay the ransom requested is for the hackers to hold up their end of the bargain. If they do not, they will lose all leverage in future attacks and will essentially destroy their own black-market industry.
It is said that some of the ransom paid by the online sportsbook, Caesars, will be covered by insurance policies that are designed for just this occasion.
A Caesars statement contained within its 8-K filing said, “We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined.”
Have You Been Affected?
If you are a Caesars Rewards customer and are concerned about the recent security violation, it is important to know that you have resources at your disposal.
Caesars has set up a line specifically to provide its customers with credit monitoring and identity theft protection services. The phone number is also equipped to respond to any legal questions customers might have.
Caesars Rewards members can call (888) 652-1580 from 09:00 PM to 09:00 PM EDT, Monday through Friday, or learn more online at https://response.idx.us/caesars/ to receive the latest news on the security breach.