It appears that systems are normal following a cyberattack at the Caesars-owned casinos in North Carolina. The attack took place in early September by a hacker group. But litigation may upset that.
According to the Las Vegas Review-Journal, nine groups have filed class action lawsuits in the Nevada District Court. All of the suits charge Caesars Entertainment and MGM Resorts International.
The lawsuits claim Caesars and MGM failed “to protect the personal identifiable information of loyalty program customers” when a hacker organization infiltrated their servers in a recent cyber security breach.
The suits claim loyalty program members had their data compromised and seek damages.
Caesars Entertainment operates Harrah’s Cherokee Casino Resort in Cherokee, and Harrah’s Cherokee Valley River Casino in Murphy. A ransomware attack that partially crippled reservation systems, slot machines, ATMs, and other functionality impacted both of those casino resorts. It is unclear if the ransomware attack compromised customer data.
According to Caesars, it paid a ransom to a group known as Scattered Spider. Scattered Spider is a hacking cooperative believed to consist of individuals in the United States and the United Kingdom. Authorities have not filed charges in the incident. However, the Federal Bureau of Investigation is handling the case. The incident impacted Caesars casinos in at least six states.
Will the lawsuits impact North Carolina casinos?
Four of the civil suits filed in Nevada take aim at MGM and Caesars parent companies. The parties represented in the lawsuits are from several states, including Colorado, Illinois, Louisiana, and Mississippi.
If any North Carolina residents are added as parties to these (or future) civil suits, it would bring into question whether private data stored on servers by Harrah’s Casinos in this state were stolen and potentially shared by nefarious actors.
In a ransomware attack, hackers copy data from the computers and block access to the systems. They demand a ransom in exchange for an encrypted key that allows the victims to regain access. Even after a victim pays the ransom, any financial and personal information copied by the hackers could be for sale on the dark web or to criminals.
If Caesars and MGM failed to adhere to Federal Trade Commission customer data security policies, a fine could be levied. Typically, such fine payments are divvied up among those consumers whose data was compromised. FTC fines and other sanctions are also possible.
Caesars Entertainment may have already sealed its fate regarding the lawsuits over privacy. In a September 14 letter to the Securities and Exchange Commission, Caesars admitted that hackers copied the Caesars Rewards loyalty program database. That database included the Social Security numbers and driver’s license numbers of members.
Are Harrah’s Cherokee casinos operating normally?
Only after a broad ransomware attack in several states impacted MGM Resorts did Caesars come forward to reveal it also had been targeted by the same hackers earlier in September. The Harrah’s Cherokee Casinos in North Carolina experienced some inconveniences for a few days, but gaming reportedly continued uninterrupted. Caesars also opened a hotline for guests worried about possible identity theft
Customers visiting Harrah’s Casinos in both Cherokee and Murphy for days have not reported issues. According to Caesars, there is no danger to private data at their locations in the western portion of the state.