Las Vegas Under Attack… Still

Casino titan Caesars Entertainment is the latest Las Vegas institution hit by a cyberattack, joining rival MGM Resorts International. One critical difference though: Caesar’s said that its gambling operations were not disrupted. The company told the federal Securities and Exchange Commission (SEC) that a data breach on September 7 may have exposed the driver’s license information and Social Security number of its loyalty rewards members. The company also pinned the problem on a social engineering attack on its outsourced IT support vendor. Reports vary on the name of the group responsible for the attack, but most agree that the attack was carried out by an affiliate of ALPHV/BlackCat, the same attacker that hit MGM last week. Caesars also reported that it paid the ransom. The attackers initially demanded $30 million but Caesars said it ultimately paid about half of that after negotiations. The incident remains under investigation.

Companies need to be prepared for a supply chain or third-party cyberattack or data breach. Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery.

https://www.bleepingcomputer.com/news/security/caesars-entertainment-confirms-ransom-payment-customer-data-theft/