Caesars Data Breach Rumors Resurface After Employees Receive Internal Phishing Alerts

Rumors are circulating on social media about a potential cybersecurity issue involving Caesars Entertainment after employees lost access to their internal software applications.

Speculation began after Vital Vegas shared screenshots on X of what appeared to be internal company communications warning employees about a spike in phishing attempts.

Attackers Impersonating IT, HR, and Vendors

According to screenshots, attackers posed as members of Caesars’ IT and cybersecurity teams, as well as HR representatives and trusted vendors. CEO Tom Reeg sent emails to team members acknowledging the increase in phishing attempts last night.

“Team members from across the company are receiving phone calls that appear to come from Caesars over email, text, phone, or website,” the message stated.

Cybersecurity experts refer to text-based phishing attempts as “smishing,” while attempts via phone schemes are known as “vishing.” Both tactics rely on tricking employees into sharing login credentials or sensitive information to gain unauthorized access.

Vital Vegas later updated the post to claim that Caesars staff temporarily lost mobile access to Okta, the company’s identity authentication platform.

Okta is the internal identity management system that many Las Vegas casino operators use to control employee login access to company networks and software. Disruptions to Okta access can affect how staff sign in to internal tools, but don’t always indicate that systems have been compromised.

Phishing spikes don’t automatically signal a successful cyberattack, though. Companies often alert employees when they detect an increase in targeting activity to prevent it from happening in the first place.

Comparisons to 2023 Cyberattacks on Caesars and MGM

The situation mirrors the start of a past cyberattack on Caesars in September 2023, when hackers targeted a third-party IT vendor to gain access to Okta credentials. Caesars ultimately paid approximately $30 million to prevent the release of stolen employee and guest data.

MGM was also hit by a similar ransomware attack around the same time as Caesars, but chose not to pay the $100 million ransom demand.

As a result, the company paid the price operationally, with disabled slot machines, hotel keycard malfunctions, booking system outages, and website shutdowns lasting for days.

Cybersecurity analysts later linked both the Caesars and MGM incidents to a hacking group known as Scattered Spider, which used social engineering tactics to gain access through Okta authentication systems. These schemes rely on deceiving employees into performing actions or divulging confidential information by exploiting their decision-making skills in specific situations.

The teenage leader of the hacking group, Tyler Buchanan, was arrested in Spain in 2024.

At this time, there has been no confirmation that internal systems have been breached or that guest data has been compromised.

(Photo: Bruno Coelho / imageBROKER via Alamy)