Subscribe to AIP newsletter
Sing up for exclusive casino bonus, offers, and the latest news directly in your inbox.
Stake.com in Australia recently fell victim to a cybersecurity attack, costing the company over $41 million in crypto assets. Now, an even bolder attack has targeted two of the largest casino operators in the world.
According to various reports, MGM Resorts and Caesars Entertainment have recently fallen victim to cyberattacks. Caesars reports that a data breach exposed the personal data of loyalty rewards members. MGM Resorts has faced computer system issues at various properties due to the attacks, but both its live and online casinos remain open.
This past Monday was the anniversary of the 9-11 attacks in the United States. It is usually a prime day for hackers to try shenanigans with American companies. Unfortunately, MGM Resorts announced on Monday that it fell victim to a cyberattack at its properties across the US.
The actual attack began on Sunday. Properties across the US started to experience problems with computer systems. Issues ranged from people being unable to make reservations to the company website shutting down.
By late Monday, reports from patrons started to flood social media. Reports ranged from people being unable to withdraw money from credit cards to some being unable to enter their hotel rooms with their key cards.
MGM Resorts announced that its casinos remain open and operational despite the attack. The FBI is investigating the attack, and the casinos are still reeling as some systems remain unavailable. Also, it appears that the attacks have shaken the confidence of guests, as the casinos are reporting numerous cancellations.
Caesars Reports Data Breach – Scattered Spider Claims Responsibility
The other cyberattack was confirmed on 14 September as Caesars Entertainment reported that they also fell victim to a cyberattack. Caesars filed Form 8-K on 7 September with the United States Securities and Exchange Commission to report the attack.
The reports that Caesars discovered “suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company.” The company further revealed that an unauthorised actor acquired a copy of its loyalty rewards database. The database contains the personal information, including copies of driver’s licenses of reward members.
The form also reports that company operations remain unaffected. Furthermore, Caesars does not believe cyberattackers acquired member passwords, PINs, bank accounts, or payment card information.
The FBI is also investigating the Caesars attack, but one group is claiming responsibility. Scattered Spider, aka UNC3944, is a Russian-based group known to be incredibly aggressive and disruptive. They generally target entertainment and hospitality groups. While the group is relatively new, they are already responsible for attacks on over 100 companies, mainly in the United States and Canada. If this group is responsible, it will likely embolden them to attempt future attacks on US-based casinos.
As a result of the data breach, Caesars is offering identity theft protection and credit monitoring services to loyalty rewards members.
Before the recent cyberattacks in the United States, many felt that live casino operators were nearly invulnerable to hacking. These recent attacks show that any company can be susceptible to an attack under the right circumstances.
Ultimately, the human element often proves to be the weakest link in a cyberattack. All it takes is for one person to make a poor choice on a company computer to put a network at risk.
If anything, this should serve as a wake-up call to both live and online casinos to refortify their security and adequately train their staff to spot and avoid cybersecurity threats.