Two major casino-resort operators on the Las Vegas Strip now face a combined nine federal lawsuits in the wake of cyberattacks that exposed the personal information of thousands of customers and crippled the operations of one of the companies.
A lawsuit filed in the U.S. District Court in Nevada on Friday alleges Caesars Entertainment was negligent in protecting its customers’ personal identifiable information during a recent cyberattack. The plaintiff, Virginia resident David Lackey and a Caesars Rewards member of over 20 years, visited a Caesars property in Las Vegas in the past year, according to the suit.
Caesars publicly detailed a social engineering cyberattack on the company in a Sept. 14 Securities and Exchange Commission filing. The company said a Sept. 7 investigation determined an attacker acquired a copy of the Caesars Rewards loyalty program database, which includes driver’s license and Social Security numbers.
Lackey also filed a similar complaint against MGM Resorts International in the same court on Thursday.
MGM had its own data breach beginning on Sept. 10. Hackers reportedly used social engineering tactics to enter the company’s systems and download highly sensitive personal information of thousands of MGM customers. The breach and subsequent security measures by the company took down several computer networks systemwide, including reservations, digital keys, ATMs and more. Most customer-facing operations are back to normal, save for a few like the MGM Rewards’ loyalty app.
Both of Lackey’s lawsuits allege that despite his attempts to protect his data and monitor his credit, he has noted an increase in text phishing attempts from multiple sources, according to the complaints.
Another complaint filed against MGM and two real estate investment trusts — Vici Properties and MGM Growth Properties — on Wednesday alleges the defendants failed to follow Federal Trade Commission guidelines and properly train its staff on cybersecurity.
In that case, Travis County, Texas, resident David Zussman is represented by attorney Nathan Ring, whose firm Stranch, Jennings and Garvey PLLC has filed four other class-action lawsuits following the data breaches at Caesars and MGM.
Lawyers representing Zussman and Lackey did not respond to requests for comment. Neither did Caesars nor MGM officials.
Cybersecurity professional departs
In related news, a senior cybersecurity professional at Caesars Entertainment is departing the company. But Caesars officials say it has nothing to do with the recent cybersecurity breach.
The departure of John Roskoph, senior vice president of strategy, infrastructure and cybersecurity, though, raised eyebrows for its timing so close to the public disclosure of Caesars’ cyberattack.
Caesars declined to comment, citing a policy against discussing personnel matters. But a source inside Caesars said the exit had nothing to do with the cybersecurity breach. Roskoph’s departure had been in the works for a long time and they supported his transition out of the business, the source said.
A LinkedIn post from Roskoph states that he will be leaving the gaming industry to join NFI, a supply chain and logistics company headquartered in New Jersey. Roskoph is based out of Atlantic City, New Jersey, according to his LinkedIn page.
“It has been an absolutely incredible journey with Caesars; through Tropicana, to Eldorado, the expansion to Caesars and the growth with William Hill, I am sincerely grateful for the opportunities and experiences,” Roskoph said in a LinkedIn post last week. “To the incredible team members and mentors, I am sincerely appreciative for your contributions to my personal and professional growth. I could not be more proud of you all with what has been accomplished.”