In the era of digital technology, data breaches have become a frequent and widespread phenomenon, affecting various industries and organizations on a global scale.
Even the casino industry, despite its prominence, has not been immune to the escalating threat of data breaches.
The allure of substantial financial transactions, sensitive customer data, and valuable intellectual property renders casinos an attractive target for cybercriminals who seek to exploit weaknesses in their cybersecurity defenses.
This discussion aims to delve into casino data breaches, examining the underlying causes, the ensuing repercussions, and the preventive and mitigative measures implemented to address such incidents.
Gaining a comprehensive understanding of the intricacies surrounding casino data breaches is crucial for casino operators and consumers who place their trust in these establishments by providing their personal and financial information.
September 2023 – Casino Data Breach
Caesars Entertainment, a self-proclaimed leading casino chain in the United States, is renowned for its expansive loyalty program within the industry.
On 17th September 2023, Caesars became aware that the perpetrators had successfully infiltrated its loyalty program database, which contains a substantial amount of sensitive customer information, including driver’s licenses and social security numbers.
An 8-K form filed by Caesars with the U.S. Securities and Exchange Commission says that the company has roughly paid an amount of $15 million against the $30 million demanded by cyber attackers.
Caesars has stated that it is currently conducting an investigation into the data that was obtained by an unauthorized individual.
As of now, there is no evidence to suggest that any passwords/PINs, bank account details, or payment card information belonging to any members have been accessed.
11th September 2023: MGM Resorts International has officially announced that it is currently addressing a “cybersecurity issue” that has had an impact on several of its IT systems, encompassing its primary website, online reservation services, as well as in-casino related systems such as ATMs, and credit card machines.
Some users on the Facebook group have expressed their concerns regarding the malfunctioning of slot machines and difficulties encountered while attempting to access hotel accommodations at the resorts operated by the company.
The company promptly initiated an investigation subsequent to the identification of this cybersecurity concern. In order to safeguard our systems and data, decisive measures were expeditiously implemented, including the temporary shutdown of specific systems.
November 2022 – Casino Data Breach
The Crystal Bay Casino is a diminutive gambling establishment situated in Lake Tahoe, catering to both the local populace and tourists. The casino provides its patrons with access to slot machines and various forms of entertainment, while also broadcasting sporting events.
Regrettably, the unassuming casino recently fell victim to a cyber attack that potentially jeopardized the safety of its players.
The company’s investigation has concluded that certain files might have been copied from the database on or around November 27, 2022.
The breach at Crystal Bay Casino had a significant impact on multiple documents, affecting a considerable number of individuals. Precisely 86,291 individuals were duly notified about the breach, as they were all exposed to potential risks stemming from it.
It is imperative for anyone who has received such notification to promptly undertake necessary measures to ensure their personal protection.
In the event of receiving a notice, it is highly advisable to contemplate implementing a credit freeze as a precautionary measure against fraudulent activities.
February 2014 – Casino Data Breach
The IT and networking systems of the Sands Hotel and Casino were infiltrated by Iranian hackers. Despite the absence of any discernible financial incentive, the cyber attackers managed to gain access to extensive employee data and effectively immobilized the company’s systems.
The repercussions of this attack were substantial, as it resulted in the complete destruction of seventy-five percent of the company’s servers located in Las Vegas.
Cybersecurity experts within the organization estimate that the expenses incurred solely for equipment replacement and data retrieval exceeded $40 million.
They also left personal messages for Adelson, “Encouraging the use of Weapons of Mass Destruction, UNDER ANY CONDITION, is a Crime, signed, the Anti WMD Team,” said one. “Damn A, Don’t let your tongue cut your throat,” warned another.