As per reports, Scattered Spider has claimed responsibility for carrying out a data breach at MGM and Caesars. The theft involves taking 6 TB of data from reputed casinos. It mainly includes pieces of information related to users’ driving licenses and social security numbers. Caesars interacted with the media but declined to dig deep with its comments, while MGM initiated an investigation into the matter.
A representative of Scattered Spider confirmed the data breach and spoke with the media to clarify that they have neither demanded ransom nor intend to release the data. In light of this, it is crucial to understand their intentions with the data and why they have stolen it from businesses.
Scattered Spider is believed to be a part of ALPHV. They have been linked previously to over 100 attacks in two years. A hacking group representative said they would not release the data; however, MGM can do so if it wishes to release the information. Both brands hail from the position of being multi-billion-dollar ventures. Such an attack raises questions about the level of security they deploy to keep their users’ data safe.
It is also unknown the size of the financial impact that the hack has created on both ventures. Caesars has only confirmed the attack, stating that it happened on September 7, 2023. MGM remained affected for the next four days after the incident. Its slot machines in Las Vegas were seen displaying an error message.
Caesars has said that Scattered Spider targeted their IT vendor to gain access to the database.
Google’s Mandiant Intelligence has echoed the model. The group has said that Scattered Spider, also identified as UNC3944, is the most disruptive hacking outfit in the country. It is infamous for carrying out attacks via social engineering tactics. For instance, members of the group pose as employees of the company, asking the victim for details on how to reset the password. They exit the conversation once they have all the desired information to carry out the attack.
According to the casino news, Charles Carmakal, the Chief Technology Officer at Mandiant, has said that the group attacks companies in different categories, including, but not limited to, retailers, gaming, telecom, and insurance. Members of the group are believed to be somewhere in Western countries.
The FBI is investigating the matter for MGM and Caesars, with no comments made public via the press.
MGM brought the issue to light on September 11, 2023, when its system went down due to a cybersecurity issue. The official email mechanism was hit, forcing employees to use Gmail for communications. It was previously considered a technical issue, but after taking the matter to the relevant authorities, it was discovered that the issue was indeed a cybersecurity threat.