Report: Caesars Entertainment Paid $15 Million Ransom After Cyberattack

Caesars Entertainment, Caesers Palace

Caesars Entertainment, the operator of Caesars Palace in Las Vegas, reportedly fell victim to a cyberattack during the summer and paid a ransom of approximately $15 million to the hackers.

The company is expected to disclose this cyberattack in a Securities and Exchange Commission (SEC) filing, the Wall Street Journal (WSJ) reported Wednesday (Sept. 13), citing unnamed sources. Caesars’ Strip casinos include Caesars Palace, Paris and Planet Hollywood.

Caesars Entertainment did not immediately reply to PYMNTS’ request for comment.

The hackers who targeted the company employed a social engineering scheme, posing as an employee and contacting the company’s IT help desk to change a password, according to the WSJ report.

This news comes shortly after MGM Resorts, another major casino operator, faced a similar breach. As PYMNTS reported on Wednesday, MGM Resorts had to shut down specific systems due to a “cybersecurity issue” that impacted various operations, including slot machines, sports-betting kiosks, digital keys for hotel rooms, online reservations and credit-card transactions.

The gambling industry has increasingly become a prime target for hackers due to the vast amount of personal and financial data collected from customers, according to the WSJ report. The industry has witnessed a surge in cyberattacks this year, with gaming companies targeted both domestically and internationally. Hackers are not only disrupting computer systems but also stealing sensitive information and threatening to disclose it unless a ransom is paid.

While not all companies choose to pay ransoms, some opt to do so to avoid data loss or business disruptions, the report said. According to Coveware, a firm that assists companies in responding to cyber extortion, the average ransomware payment stands at $740,000. However, the FBI advises against paying ransoms, as it does not guarantee the return of the data and may further incentivize hackers to target more victims. 

Ransomware attacks reached record-breaking numbers in March, with a 91% increase compared to the previous month and a 62% increase compared to the same period in 2022, Visa reported Thursday (Sept. 7). 

Exploited vulnerabilities and compromised credentials were identified as common causes of ransomware attacks, the digital payments firm said. These attacks target any accessible data, including payment information and personal identifiable information.