Just weeks before hackers breached MGM’s computer system, Caesars Entertainment has reported it paid ransom to the same group of hackers. The sum Caesars paid is reportedly in the tens of millions of dollars.
This according to reporting by Bloomberg, which said hackers “threatened to release [Caesars’] company’s data, according to two people familiar with the matter.”
In Ontario, Caesars operates Caesars Palace online casino, one of the most popular Canada online casino apps, along with the Caesars Windsor retail casino and the Caesars Canada online sportsbook.
After Bloomberg’s story was released, Caesars did disclose the hack in a regulatory filing.
On Monday (Sept. 18), Caesars Windsor president Kevin Laforet told PlayCanada via an email statement, “Caesars Windsor remains open and it is business as usual.”
Scattered Spider behind the attacks
The hacker group is called Scattered Spider or UNC3944. Experts say the group is adept at gaining access to large corporate networks through social engineering schemes to get users to hand over password information.
Specifically, Scattered Spider began attacking Caesars around Aug. 27. The hackers were able to breach Caesars’ system via an outside IT vendor. It is believed the hackers stole personal information from Caesars Rewards members, including driver’s licenses and social security numbers.
The hackers’ actions have not yet affected day-to-day operations of Caesars’ casinos and its online betting platforms, Caesars said.
There is no word, yet, if Canadian social insurance numbers were compromised, but Caesars’s loyalty program does operate in Canada. In fact, one of the upgrades that came with the launch of the Caesars Palace online casino app was that if offers “full integration with the Caesars Rewards program available at the company’s retail casinos.”
“We have taken steps to ensure the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the filing.
How the hacking works
Further, the Bloomberg report said:
“Hacking gangs typically ask to be paid in cryptocurrency if they demand a ransom. Some attacks deploy ransomware that locks up computer files, and the hackers then provide a decryption key if the victim pays. More recently, however, hacking gangs have stolen data from companies and then demanded payment, threatening to publish the information unless they are paid.”
Scattered Spider is also reportedly behind the MGM cyber attacks. It is too early to know for sure, but it would appear Caesars paid the ransom and MGM did not.
Experts believe Scattered Spider is comprised of young adults in the US and UK.
MGM properties in the US hit with cyber attack on Monday
On Monday, MGM was hit with a cyber attack by Scattered Spider. The attack impacted most of its properties in the United States.
Parent company MGM Resorts issued a statement on Monday that included this language:
“MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems.
“Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”
According to CNBC correspondent Contessa Brewer, the incident or threat “has caused a system-wide outage- affecting company email, reservations, booking etc. The company has contacted law enforcement and brought in outside experts.”
Cyber attack closed all 14 of Gateway’s Ontario casinos in April
Canadian casinos have not been immune from cyber attacks.
In April, a cyber attack caused Gateway to close all 14 of its Ontario casinos for more than two weeks.
That ransomware attack is believed to have led to a breach of personal information of current and former Gateway employees.
At the time, Gateway released a statement updating patrons and employees about the fallout from the attack.
“While our investigation remains ongoing, Gateway understands that the incident may have resulted in the theft of personal information of certain current and former employees in British Columbia, Alberta and Ontario,” the statement read. “At this time, we are not aware of any misuse of information. However, we take the privacy and security of personal information very seriously and want to make sure our employees are kept informed.”