Caesars Entertainment confirmed Thursday that a hacker infiltrated its computer system and stole customer data in a recent cyber attack.
After an investigation that concluded last week, Caesars “determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database,” the company disclosed in a regulatory filing on Thursday.
This included driver’s license numbers and or Social Security numbers “for a significant number of members in the database,” Caesars said.
As a result, it’s offering credit monitoring and identity theft protection services to all members of its loyalty program.
To date, the company doesn’t suspect that any passwords, PINs, bank account information or payment card information was obtained by the hacker.
However, it’s still investigating the extent of the data breach and if other sensitive information was stolen.
After the company noticed suspicious activity, it said it “implemented a series of containment and remediation measures to reinforce the security of our information technology network.” It also reached out to cybersecurity firms and notified law enforcement and state gaming regulators, according to the filing.
The company also reportedly paid tens of millions of dollars to keep the hackers from releasing the company’s data, sources familiar with the matter told Bloomberg.
In the filing, Caesars Entertainment confirmed that it incurred, and may continue to incur, certain expenses related to this attack.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the company said. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”
The company also confirmed that its “customer-facing operations, including our physical properties and our online and mobile gaming applications, have not been impacted by this incident and continue without disruption.”
The news comes just after MGM Resorts International said that it experienced a cyberattack that affected operations at its headquarters as well as its properties and websites.