Caesars Entertainment has sent notifications to members of its Caesars Rewards loyalty program as a follow-up the cyberattack the company suffered in September, by the same group responsible for a similar attack on MGM Resorts.
The notification, sent via email, confirms many of the details Caesars first published in a disclosure statement filed with the US's Securities and Exchange Commission (SEC) on September 14. Data from the Caesars Rewards program was accessed after the hackers attacked a third-party IT support vendor contracted with Caesars.
Caesars' latest update confirms that for impacted Caesars Rewards members, the stolen data included customers' names, driver’s license or other government-issued ID number, and social-security or other federal-ID numbers. Some other data was compromised, but according to Caesars, the company has no evidence that customers' bank-account information, payment-card numbers, and related PINS/passwords were affected.
All World Series of Poker (WSOP) participants in recent years are likely to be impacted, since registration into the Caesars Rewards program is mandatory to participate in WSOP events. Loyalty-program participants who might not have received the email notification sent this week can call Caesars at 1-888-652-1580, Monday to Friday from 9 am to 9 pm Eastern Time, to seek additional information.
Caesars announces complimentary identity-protection program with IDX
Besides offering details on the September hack, Caesars also announced that it will offer two years of complimentary identity-theft and credit-monitoring service. Caesars has retained "data breach and recovery services expert" IDX. The offered services also include monitoring of the "dark web", where stolen data is often sold or bartered.
The IDX plan also includes a $1,000,000 insurance reimbursement policy and fully-managed identity restoration should any of the breach's impacted Caesars Reward members become the victims of identity theft. It is necessary to register with IDX through a Caesars-provided link to take part in the identity-protection program.