Maine regulatory filing lifts lid on Caesars cyberattack

A new filing with the Office of the Maine Attorney General (AG) has revealed more details about the cyberattack which hit Caesars Entertainment in August.

According to a data breach notification, a mandatory document filed with the AG’s office on October 6, a total of 41,397 Maine residents were affected by the breach, which saw the personal information of individuals taken by hackers. The filing is just one of a number of mandatory declarations made by the firm since the attack, which included a form 8-K filing with the Securities and Exchange Commission (SEC) on September 15.

Caesars confirmed the breach occurred on August 28, but the firm only became aware of the social engineering attack on September 7, more than a week later.

In these types of attacks, hackers work to gain the trust of their targets with the aim of encouraging individuals to divulge personal information, click web links or open attachments which may be malicious in nature.

Data stolen included a copy of the Caesars Rewards loyalty database including driver’s license numbers and social security numbers, however no member passwords, PINs, bank account, or payment card information was included in the data taken, according to the firm.

Caesars filing with the Maine authorities included a letter to residents affected.

In addition to confirming the breach to the Maine AG’s office, Caesars announced the offer of identity theft protection services to affected individuals to “help detect any misuse of personal information and fully managed identity restoration” services through an external company called IDX for a period of two years.

Caesars has also made available a $1m insurance reimbursement policy to compensate those making payments out of their own pockets for any expenses incurred as a result of the breach.