Despite this, the Reno-based company stated that it could not guarantee the security of personal information belonging to millions of customers, which may have been compromised during the data breach on September 7.
This includes driver's license and Social Security numbers of loyalty rewards members. Caesars Entertainment assured them that they have taken measures to delete the stolen data but cannot guarantee the outcome.
The identity of the hacker and whether a ransom was paid remains unknown, like the recent cyberattack reported by MGM Resorts.
The cyberattack on MGM Resorts was reported on Monday, and it is unclear if a ransom was paid or who is responsible for the intrusion.
According to Brett Callow, a threat analyst at Emsisoft, a cybersecurity firm based in New Zealand, a group called Scattered Spider has claimed responsibility. It is believed the group operates under the umbrella of ALPHV or BlackCat, a Russia-based operation.
Charles Carmakal, the chief technical officer at cybersecurity firm Mandiant, also noted that Scattered Spider is known as UNC3944. He described the group as "incredibly disruptive and aggressive" in its recent targeting of hospitality and entertainment organizations.
According to a statement by Carmakal, this group uses sophisticated techniques that are difficult for many organizations with strong security programs to defend against. Mandiant's blog analysis, published on Thursday, revealed that the group employs SMS text phishing and phone calls to help desks to try to obtain password resets or multifactor bypass codes.
Mandiant also reported that this relatively new ransomware industry player has targeted at least 100 organizations, with most of them located in the U.S. and Canada.
Caesars, the world's largest casino owner, with more than 65 million Caesars Rewards members and properties in 18 states and Canada under the Caesars, Harrah's, Horseshoe, and Eldorado brands, is among the group's victims. The company has a presence in mobile and online operations, as well as sports betting. The Associated Press reached out to company officials for comments, but they did not respond to emailed questions.
The company informed the SEC that they were providing credit monitoring and identity theft protection to loyalty program customers.
Caesars has reported that a recent cyberattack did not result in the intruder obtaining any member passwords or bank account and payment card information.
They also stated that their casino and online operations were not impacted and continue to operate as usual. This disclosure comes after MGM Resorts International, the largest casino company in Las Vegas, reported a cyberattack on Monday, leading them to shut down computer systems across their properties in the US to protect data.
MGM Resorts has reported that reservations and casino floors in Las Vegas and other states were affected, with customers sharing stories on social media about difficulties making credit card transactions and accessing hotel rooms.
The FBI has stated that they are investigating the situation, and some MGM Resorts computer systems are still down, including hotel reservations and payroll. Despite this, the company has stated that its employees in the US and abroad are expected to be paid on time.
Reports suggest that Caesars Entertainment may have paid $15 million to secure their data after being asked for $30 million, but the company has not disclosed any steps taken to ensure the security of the stolen data.
Recovery from cyberattacks can take months, making it difficult to know whether hackers have deleted stolen data or if it will be used elsewhere.
