Just days after MGM Resorts was the target of hackers, officials have admitted that a Caesars cyber attack took place in the aftermath. Not only did the thieves get a copy of their entire loyalty program database, but other data was stolen as well… and Caesars has not said what that data was. Included in the loyalty program data stolen during the Caesars cyber attack were numerous player driver license and Social Security numbers. We say numerous, because Caesars seems to have no idea of the exact number of persons victimized.
A Caesars spokesperson told the Securities and Exchange Commission that the company had “…taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.” What does that mean? The Wall Street Journal has reported that the paid half of a $30 million ransom from the piece of crap hackers in an attempt to stop them from using or disclosing the data. So this is what we’ve come to? Making deals with criminals and hoping they abide by the honor system?
The Caesars cyber attack was also reported to the FBI, who advise that companies do not pay ransoms… or in this case, half of a ransom. Maybe the thieves will only use half of the stolen data base? What’s also troubling is that these attacks are being reported now, just days after the new SEC cybersecurity disclosure rules kicked in. And since Caesars has not disclosed all the stolen data… and since they waited several days to report the attack this begs the question of if they would have told us at all.
These new SEC rules say that an attack like this must be reported within four business days. The Caesars cyber attack was on Thursday, September 7th, which means they had until Wednesday the 13th to report the matter. MGM was attacked on September 12th, which also makes us wonder of that attack could have been prevented with an earlier notice from Caesars. We may have some free credit monitoring coming our way!