Caesars Entertainment has acknowledged the recent detection of “suspicious activity in its information technology network”, as MGM Resorts continues to probe the effects of its own “cybersecurity issue” that was identified earlier in the week.

This comes amid reports that the former paid approximately half of a $30m ransom demand, with Reuters reporting that the Scattered Spider hacking group has confirmed that it obtained six terabytes of data from the pair.

Caesars suspicious activity

In an SEC 8K filing, Caesars updated that it was affected by a social engineering attack on an outsourced IT support vendor, however, it is noted that customer-facing operations, including physical properties and online and mobile gaming applications, have not been impacted and continue without disruption.

Upon detecting the suspicious activity, the company noted that it “quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network”.

Following an investigation, which included notifying law enforcement and state gaming regulators, it was found that among the data obtained is that of its Caesars Rewards program.

This, it was said, includes driver’s licence numbers and/or social security numbers for a significant number of members in the database.

“We are still investigating the extent of any additional personal or otherwise sensitive information contained in the files acquired by the unauthorised actor,” the operator said. 

“We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorised actor.

“We have taken steps to ensure that the stolen data is deleted by the unauthorised actor, although we cannot guarantee this result. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”

As a result, the company is offering free credit monitoring and fraud protection services for all Caesars Rewards members, with impacted customers to be notified. 

Despite acknowledging that the full scope of the costs related to the incident cannot be determined, confidence was stressed that this will not have a material effect on the company’s financial condition and results of operations.

MGM issues update

Earlier in the week, MGM confirmed that it was also the victim of a cyberattack, with the FBI said to have launched its own investigation in the aftermath.

A most recent update issued by the company read: “We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly. We couldn’t do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience.”

Responding to a query on X regarding the quantity of data that was stolen, MGM simply shared that its investigation is ongoing to evaluate the “scope and nature of the issue”.