Caesars Bungling Notice of Data Breach

Caesars Rewards Members are receiving notice of the data breach that occurred more than a month prior. The breach occurred in August 2023, but Caesars did not report it to regulatory officials until September 2023 and is finally notifying victims in mid-October 2023. The loss of data includes victim’s names, driver’s licenses, or other government-issued ID numbers. A separate legal filing is claiming that Caesars actually exposed consumers’ names, mailing addresses, telephone numbers, email addresses, dates of birth, driver’s license numbers, and Social Security numbers.

The attackers demanded money after they were in possession of the data and Caesars decided to pay the ransom.

I cannot express how disappointed and frustrated I am with Caesars response!

Caesars Notice of Data Breach Letter to Customers

Takeaways:

1. Caesars cybersecurity posture was unable to prevent or quickly detect and contain the data breach — which shows immaturity in their investment and operational procedures
2. Caesars failed to protect, encrypt, or delete unnecessary data. — showcasing a failure in management to properly respect acceptable data collection, destruction, and privacy…