Caesars Entertainment reportedly paid around $15 million to appease hackers who threatened to leak sensitive customer data stolen in a cyberattack over the summer.
The Las Vegas casino giant’s payout was about half of the $30 million the hackers had demanded The Wall Street Journal reported On Wednesday.
Caesars admitted that the hackers broke into its systems through a “social engineering attack on an outsourced IT support provider.” to an official application.
The criminals stole a copy of the Caesars loyalty program database, including driver’s license numbers and Social Security numbers “for a significant number” of customers.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this outcome,” Caesars said in the filing. “We monitor the internet and have seen no evidence that the data was shared, published or otherwise misused.”
Caesars did not name those responsible for the cyberattack.
However, a group specializing in social engineering attacks called Scattered Spider, or UNC 3944, is responsible, two sources familiar with the matter said said Bloomberg. The attack reportedly began around August 27th.
In social engineering attacks, hackers trick users into revealing their login credentials or passwords to bypass security measures and gain access to company systems.
The company said there was “no evidence” that customer financial data, such as bank account numbers, was accessed in the hack. Caesars said it offers credit monitoring and identity protection services to its loyalty program members.
“The full extent of the costs and associated impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential claims for damages from third parties, has not been determined,” the filing continued.
Representatives for Caesars did not immediately respond to a request for comment.
The revelation came days after another major casino operator, MGM Resorts, was crippled by a cyberattack that left guests locked out of their rooms and slot machines, sports betting and other systems inoperable.
Casino staff began checking in guests by hand, while on-site bars transitioned to cash-only establishments. according to Bloomberg.