Updated October 9, 2023 - 12:36 pm
Caesars Entertainment Inc. has notified the attorney general’s office of the state of Maine about the cyberattack that is believed to have compromised the data of the company’s customers.
The notification, statutorily required under Maine law, says 41,397 Maine residents were affected by the attack. In Caesars’ filing, the total number of persons affected by the breach was listed as “to be determined.”
The notification said, “Caesars was the victim of a social engineering attack on an outsourced IT vendor that resulted in unauthorized access (on Aug. 18, 2023) to Caesars’ network and the exfiltration of data (beginning on or about Aug. 23, 2023) which Caesars subsequently confirmed (on Sept. 7, 2023) included the personal information of state residents.
The form said the criminals acquired names and other personal identifiers in combination with a driver’s license number or non-driver identification number.
The notification to Maine authorities came on the same day Caesars disclosed the breach publicly in a Securities and Exchange Commission update to a Sept. 14 filing.
“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures,” the company said in a filing. “The company also launched an ongoing investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators. Once the incident was contained, we initiated a detailed review to identify any sensitive personal information contained in data acquired by the unauthorized actor as part of the incident.”
Caesars is encouraging its customers to monitor their own accounts for suspicious activity.
“While we do not have any specific reason to believe that you are at risk of identity theft or fraud as a result of this incident, it is always good practice to be vigilant by regularly reviewing your account statements and monitoring any available credit reports for suspicious activity,” the company said. “We also generally encourage you to take care in identifying calls, emails or SMS texts that appear to be spam or fraudulent (phishing), and to avoid opening links or attachments sent from untrusted sources.”