If you’re a betting person, what are the odds of two casinos getting hacked in succession? Following an attack on MGM casinos, Caesars Entertainment just stated in an SEC filing that it was also the subject of a hack that occurred last month.
As Bloomberg reports, citing sources close to the matter, the late-August attack left Caesars Entertainment forking over tens of millions of dollars to the hackers. The incident was described in an SEC filing published today, in which the company states that the breach occurred as the result of a “social engineering attack on an outsourced IT support vendor.” Sources told The Wall Street Journal that this social engineering attack involved a hacker posing as an employee to get the IT contractor to change a password. The hackers reportedly made off with the company’s loyalty program database, which contains a list of driver’s license numbers and Social Security numbers for a “significant number of members” within the database.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the company wrote in the SEC filing. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused. Nonetheless, out of an abundance of caution, we are offering credit monitoring and identity theft protection services to all members of our loyalty program.”
Caesars Entertainment did not immediately return Gizmodo’s request for comment. But the wording of the statement appears to indicate that the casino may have paid a ransom.
The attackers are believed to be a hacking group known as Scattered Spider, or UNC 3944. Cybersecurity company Trellix says in a blog post that Scattered Spider has been active since May 2022, and its prey of choice is telecommunications companies, critical infrastructure groups, and business process outsourcing organizations—like the IT company involved with Caesars. Trellix also says that social engineering hacks are Scattered Spider’s bread and butter.
The SEC filing chronicling the attack comes after Caesars competitor MGM was also hit with a crippling attack, as revealed this past Monday. The MGM hack was reportedly the result of a 10-minute social engineering phone call, in which the hackers identified an IT worker on LinkedIn and called the help desk. An employee was apparently tricked into giving the hackers access to MGM’s systems. Reuters says that Scattered Spider was behind this hit, some reports indicate that a sub-group of Scattered Spider known as ALPHV, or Blackcat, was the culprit. Trellix’s blog post says that Blackcat has previously used Scattered Spider software called POORTRY, indicating some working relationship or overlap between the two.