US casino giant Caesars Entertainment said Thursday that hackers acquired data from some loyalty program members — days after fellow entertainment firm MGM Resorts revealed it was grappling with a cybersecurity issue.
After detecting suspicious activity in its network, Caesars determined this month that an “unauthorized actor” acquired a copy of its loyalty program database among other data, it said in a filing with the Securities and Exchange Commission (SEC).
The database includes driver’s license numbers and Social Security numbers for “a significant number” of members, the company added.
According to the SEC filing, hackers had made “a social engineering attack” on an outsourced IT support vendor used by the company.
Caesars paid around half of a $30 million ransom demanded by hackers, according to a report by The Wall Street Journal.
The company had no immediate response to AFP queries.
But it maintained in its statement that customer-facing operations had not been hit by the incident, adding that it is still investigating the extent of any other sensitive information that might have been acquired.
The company’s filing came two days after entertainment giant MGM Resorts reported that it “recently identified a cybersecurity issue” affecting some of its systems.
Casinos can be key targets for hackers given that they collect customers’ personal and financial data.
MGM said in a separate statement on Tuesday that after detecting the problem, it launched an investigation and notified law enforcement.
It added that it is taking steps to safeguard systems and data, “including shutting down certain systems.”