A lawsuit has been initiated against two prominent gaming entities due to their failure to safeguard the personal identifiable information of their customers, resulting in a substantial potential penalty, possibly amounting to millions of dollars. The legal action revolves around MGM Resorts International and Caesars Entertainment, both of which fell victim to a highly sophisticated file-encrypting malware attack towards the end of last week.
Currently, it has come to light that two separate lawsuits have been filed in connection with the MGM cyber-attack, while Caesars Gaming company is contending with three legal actions, one of which was freshly filed just last Friday.
The identity of the culprits behind the security breaches at both companies remains shrouded in mystery. However, a hacking group known as “VX-Underground” has made allegations that the ALPHV, also known as the BlackCat ransomware group, played a role in the incident, managing to exfiltrate a portion of data from the compromised servers.
Collaborating closely, the Nevada Gaming Control Board and the FBI have launched an investigation into this cyber incident. Their findings are expected to be presented in a report due early next month.
In a positive turn of events, MGM Resorts and Hotels have successfully resolved the situation, restoring their systems to normalcy after a 10-day shutdown. It remains unclear whether they acquiesced to the hackers’ demands or relied on their business continuity plan to restore applications and data to their usual state.
As for Caesars, the company has not yet issued an official statement regarding the matter.
It’s important to note that in both incidents, the attackers gained access to the systems by obtaining network login credentials through a Vishing attack perpetrated against an unsuspecting employee. Consequently, businesses are urged to adopt a comprehensive approach to cybersecurity, emphasizing the importance of awareness training for their staff to guard against such threats, which can potentially target any organization at least once a year.
