Caesars Entertainment Data Breach

  • Published: Jul 09, 2024
  • Last Updated: Jul 30, 2024

 

Caesars Entertainment is an American hotel and entertainment company based in Reno, Nevada. The firm was formed in 2020 when Eldorado Resorts, Inc. and Caesars Entertainment, Inc. came together to establish the largest gaming company in the United States. Caesars Entertainment offers first-class amenities and destinations, renowned accommodations, and extraordinary entertainment. It prides itself as the global leader in gaming and hospitality, with over 50 world-class resorts. Caesars Entertainment runs a loyalty program that rewards its customers for their patronage. The database of customers in this loyalty program was the subject of attack by bad-faith actors that led to the firm's data breach in 2023.

The Caesars Entertainment data breach was a social engineering attack on the company's outsourced IT vendor, where the Scattered Spider hacker group gained access to the loyalty program database containing customers' personal information and downloaded it. This event resulted in the breach of data related to at least 65 million people who are rewards program members, putting them at increased risk of identity theft and other fraud. Data exposed in the Caesars Entertainment breach included affected customers' names, dates of birth, phone numbers, addresses, social security numbers (SSNs), email addresses, and license plates. Others are biometric information, gaming activity information, purchase information, health information, and geolocation data. The Scattered Spider hacker group threatened to release the acquired data and demanded a $30 million ransom. However, Caesars Entertainment was able to negotiate and paid $15 million, after which the hackers reportedly deleted the stolen data. The company, however, did not guarantee the result.

Caesars Entertainment Data Breach

When Was the Caesars Entertainment Data Breach?

The unauthorized infiltration by the Scattered Spider group, or UNC 3944, into the company's IT vendor's system on August 18, 2023, led to the Caesars Entertainment data breach. However, the actual data security breach by the cybercriminal group happened on August 23, 2023, which Caesars Entertainment later discovered on September 7, 2023. Upon detecting the breach, the company activated its incident response protocols, executing every measure to reinforce its network security and prevent further intrusion into the network. Afterward, the firm initiated an investigation to probe the incident with the help of a cybersecurity company. Following this, state gaming regulators and law enforcement were also notified about the data breach.

How to Check If Your Data Was Breached

Caesars Entertainment notified all affected customers of its August 2023 data breach via a Notice of Data Breach letter on October 6, 2023. If your information was impacted by this breach, you must have been notified. The letters contain detailed information on the data security breach and a list of data compromised for each customer. However, if you do not receive a notification letter from the company, you can review your accounts and credit reports to see if this breach has also impacted you. Any suspicious or unauthorized activity in your accounts and/or credit reports may indicate that your sensitive data has been exposed.

What to Do If Your Data Was Breached

Following the discovery of the August 2023 Caesars Entertainment data breach, the company offered affected customers complimentary credit monitoring and identity theft protection services through IDX. You can take advantage of this offer by activating it to protect your data. The IDX identity protection service includes a 2-year credit and dark web monitoring that can help detect any misuse of your data. It also comes with a $1 million insurance refund policy and fully managed identity restoration if you fall prey to identity theft.

Furthermore, if your sensitive data was impacted by the Caesars Entertainment breach, exercise caution when you receive emails, calls, and SMS texts that appear fraudulent. You should also avoid interacting with or opening attachments or links from untrusted sources. In addition, you can change your passwords for accounts that may have been affected and reset passwords for other accounts where you use the same or similar passwords. Keeping an eye on your accounts for any unauthorized access or suspicious activity is also recommended.

Are There Any Lawsuits Because of the Data Breach?

Yes. Multiple lawsuits with class action status have been filed in the United States District Court in Nevada and Federal Court in New Jersey against Caesars Entertainment following the company's August 2023 data breach. The plaintiffs, mainly hotel guests, allege that the company was negligent in allowing hackers to steal their sensitive personal data in a social engineering attack. They claim to be at risk of cybercriminals using the six terabytes of stolen sensitive data to take out loans using the identities of affected customers, obtain false identifications and fake driver licenses, and file fraudulent tax returns.

Furthermore, the plaintiffs seek to hold Caesars Entertainment responsible for the injuries inflicted on them (the plaintiffs) due to the defendant's inadmissibly inadequate data security that exposed their personal information. Also, the suits claim that affected customers will suffer ongoing harm from identity theft and other fraud. Class actions already filed against Caesars Entertainment in relation to the August 2023 data breach include the following:

  • Katz v. Caesars Entertainment Inc., Case No. 1:23-cv-21125, in the U.S. District Court for the District of New Jersey.
  • Alexis Giuffre, individually and on behalf of all others similarly situated v. Caesars Entertainment Inc.Case No. 2:23-cv-01483-APG-EJY, in the U.S. District Court for the District Court of Nevada.
  • Thomas McNicholas and Laura McNicholas, individually and on behalf of all others similarly situated v. Caesars Entertainment Inc., Case No. 3:23-cv-00470-MMD-CSD, in the U.S. District Court for the District Court of Nevada.
  • Miguel Rodriguez, individually and on behalf of all others similarly situated v. Caesars Entertainment Inc., Case No. 2:23-cv-01227-ART-BNW, in the U.S. District Court for the District Court of Nevada.
  • Paul Garcia, individually and on behalf of all others similarly situated v. Caesars Entertainment Inc., Case No. 2:23-cv-01482-CDS-EJY, in the U.S. District Court for the District Court of Nevada.

Can My Caesars Entertainment Information Be Used for Identity Theft?

Yes. If it was exposed in the August 2023 data breach, your sensitive data in the breached Caesars Entertainment rewards database could be used for identity theft and other types of fraud. Although the company claimed the hacker group deleted the accessed data after paying a $15 million ransom, it did not give its guarantee. Such sensitive information can be sold on the dark web, subjecting affected customers to identity theft. Hence, you must always monitor your financial accounts for suspicious and unauthorized activity.

What Can You Do to Protect Yourself Online?

Protecting your sensitive information online is your sole responsibility. Despite Caesars Entertainment's efforts to ensure customer data security, the firm's rewards database, which contains sensitive information of several millions of customers, was hacked. As cyber threats continue to spread widely, you can do the following to protect yourself online:

  • Stop oversharing personal information on social media posts, including your birthday and other sensitive details. Check the site's security and privacy settings if you must share any personal information.
  • Create strong passwords for your online profiles and accounts. Typically, a cybercriminal will not be able to easily figure out a password that combines alphanumeric and special characters. Never use your date of birth or name in your passwords.
  • Keep abreast of the latest news and developments in the cyber world using websites like IDStrong.
  • Be cautious never to enter personal or financial details online when using free or public Wi-Fi. If you need to shop online, it is best to use your home network, which should be secured with a password. In addition, before entering your personal or financial information on a site, check to confirm that the site is secure by taking a look at the top of the browser to find a lock symbol and ensure that the URL starts with "https."
  • If available, activate two-factor authentication (2FA) on your accounts to enable an additional security layer and reduce the risk of unauthorized access.
  • Monitor your accounts and credit reports regularly for unauthorized access or suspicious activity. The credit monitoring service offered by IDStrong can help monitor your credit reports and alert you of any activity or changes on your credit file.
  • Be sure to keep your devices up to date with the latest security software and operating systems. You can also consider installing anti-spyware, antivirus, and anti-malware software on all your devices.

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

What Are Pretexting Attacks: Scam Types and Security Tips?

What Are Pretexting Attacks: Scam Types and Security Tips?

Have you ever received a text from someone you do not know? Did you become alarmed by the message? Did the message contain information about you and the people you know?

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close