(Bloomberg) — Caesars Entertainment Inc. paid tens of millions of dollars to hackers who broke into the company’s systems in recent weeks and threatened to release the company’s data, according to two people familiar with the matter.
Most Read from Bloomberg
Caesars is expected to disclose the cyberattack in a regulatory filing imminently, the people said. The disclosure of the alleged Caesars breach comes as another Las Vegas entertainment giant, MGM Resorts International, announced that it was hacked earlier this week.
Read more: Useless Slots, Cash Bars Annoy Casino Goers After MGM Hack (1)
Caesars didn’t respond to requests for comment. The company’s shares dropped 2.7% Wednesday to $52.35.
The group behind the attack is known as Scattered Spider or UNC 3944, according to the people. Its members are skilled at social engineering in order to gain access to large corporate networks, according to cybersecurity experts. In the case of Caesars, the hackers first breached an outside IT vendor before gaining access to the company’s network, according to the people.
The hackers began targeting Caesars as early as Aug. 27, according to one of the people.
Members of the hacking group are believed to be young adults, some as young as 19 years old, residing in the US and the UK, according to a person who has investigated multiple hacks by the group.
Hacking gangs typically ask to be paid in cryptocurrency if they demand a ransom. Some attacks deploy ransomware that locks up computer files, and the hackers then provide a decryption key if the victim pays. More recently, however, hacking gangs have stolen data from companies and then demanded payment, threatening to publish the information unless they are paid.
(Updates with additional information in the seventh paragraph.)
Most Read from Bloomberg Businessweek
©2023 Bloomberg L.P.