Caesars Entertainment Data Breach Exposes Sensitive Customer Information Caesars Entertainment, Inc., a major U.S. casino and hospitality operator with over 50 properties under brands like Caesars, Harrah’s, and Eldorado, confirmed a data breach affecting thousands of individuals. The incident was detected on February 23, 2026, when suspicious activity was identified in the company’s cloud-hosted data storage platforms. Caesars responded by launching an investigation, engaging cybersecurity experts, and notifying law enforcement. The breach exposed sensitive personally identifiable information (PII), including names, Social Security numbers, driver’s license numbers, Washington ID card numbers, dates of birth, and passport numbers. Official notifications were sent to affected individuals on May 19, 2026, with at least 44,023 people in Washington, 16 in Massachusetts, and one in Maine impacted. Class action law firm Shamis & Gentile P.A. is investigating potential legal claims on behalf of those affected, citing possible compensation for damages resulting from the exposure. The breach highlights ongoing risks to customer data in the hospitality and gaming sectors.

ShinyHunters Claims Breach of Wynn Resorts, Leaks 800K Employee Records The ransomware group ShinyHunters has allegedly breached Wynn Resorts, claiming to have stolen over 800,000 employee records and demanding 23.34 Bitcoin (≈$1.55 million) to delete the data. The group set a deadline of February 23, 2026, for payment, warning that failure to comply would result in the data being leaked on the dark web. A sample of the stolen data, analyzed by The Register, includes full names, emails, phone numbers, job positions, salaries, start dates, birth dates, and other personal details enough to facilitate phishing attacks, credential theft, and financial fraud. According to a group member, the breach occurred in September 2025 via an Oracle PeopleSoft vulnerability, exploiting compromised employee credentials. Wynn Resorts has not yet responded to the claims or media inquiries. ShinyHunters has been highly active in recent months, targeting organizations through vishing scams and exploiting identity management systems like Okta. This incident follows high-profile attacks on Caesars Entertainment and MGM Resorts in September 2023, reinforcing concerns over cybersecurity vulnerabilities in the hospitality and gaming sectors.

Ransomware in 2025–2026: Evolving Threats, Rising Costs, and High-Profile Attacks Ransomware remains a critical threat to governments, businesses, and critical infrastructure, disrupting healthcare, fuel distribution, retail, and identity security. Financial and operational impacts have intensified, with attackers refining tactics to maximize damage and extortion. ### Key Ransomware Trends 1. Supply Chain Attacks – Threat actors increasingly target software vendors to compromise multiple downstream victims. Notable incidents include: - 2023 MoveIt Transfer breach (Clop ransomware gang) - 2021 Kaseya attack (1,500+ MSP customers affected) - 2020 SolarWinds hack 2. Triple Extortion – Beyond encrypting data and threatening leaks, attackers now demand payment to prevent additional attacks. The Vice Society group used this tactic in its 2023 attack on San Francisco’s BART system. Leading ransomware groups like LockBit 5.0 now use private negotiation portals for targeted extortion. 3. Ransomware-as-a-Service (RaaS) – Cybercriminals lease pre-built ransomware tools and infrastructure, lowering the barrier to entry for attacks. 4. Exploiting Unpatched Systems – While zero-day vulnerabilities draw attention, most ransomware exploits known flaws in outdated software. 5. Phishing & AI-Driven Attacks – Phishing remains a primary infection vector, while generative AI enhances social engineering lures, reconnaissance, and attack automation. ### Ransomware by the Numbers (2025) - 44% of breaches involved ransomware (Verizon 2025 DBIR), a 37% increase from 2024. - 88% of SMB breaches included ransomware, compared to 39% in large enterprises. - 34% rise in attacks in the first three quarters of 2025 (Total Assure). - 5,010 U.S. incidents in the first 10 months of 2025 a 50% increase from 2024 (Cyble). - 85% of attacks go unreported (BlackFog). - Median ransom payment: $267,500 (Palo Alto Networks 2025). - Average ransom payment: $1 million (Sophos 2025), down from $2 million in 2024. - Average insurance claim: $292,000 (Coalition 2025), a 7% decrease from 2024. ### Notable 2024–2025 Ransomware Attacks - PowerSchool (Dec. 2024) – Exposed data of 62M students and 9.5M teachers across North America. - Yale New Haven Health (Mar. 2025) – Compromised 5.6M patient records; settled a class-action lawsuit for $18M. - NASCAR (Apr. 2025) – Medusa ransomware gang stole 1TB of data and demanded $4M. - DaVita (Apr. 2025) – 2.7M patients’ health data exposed by Interlock ransomware. - Marks & Spencer (May 2025) – Pay2Key ransomware disrupted operations, contributing to a 90% profit drop. - Ingram Micro (Jul. 2025) – SafePay ransomware caused service disruptions and revenue losses. - Change Healthcare (2024) – Initially reported 100M+ victims; revised to 193M by mid-2025. - LoanDepot (2024) – Attack disrupted loan services for 16.6M customers. - MGM Resorts & Caesars Entertainment (2023) – High-profile attacks crippled Las Vegas casino operations. ### Future Ransomware Predictions - AI-Powered Automation – Attacks will become faster, more persistent, and harder to detect (Trend Micro). - Voice-Based Vishing – AI-generated calls will rise as a social engineering tactic (Zscaler). - Encryption-Free Extortion – More groups will skip encryption, relying solely on data theft threats (SentinelOne). - GenAI-Enhanced Phishing – AI will enable more convincing, large-scale phishing campaigns. Ransomware shows no signs of slowing, with attackers leveraging AI, supply chain vulnerabilities, and multi-layered extortion to escalate both frequency and impact.

Caesars Entertainment revealed in an SEC filing that the company had been the victim of a social engineering attack on an outsourced IT support vendor used by the company. The website and smartphone apps for the corporation have been down for almost a week. Weeks before the attack on MGM Resorts, Caesars was attacked. The attack severely disrupted MGM's operations, making check-in for visitors a lengthy process and rendering electronic payments, digital key cards, slot machines, ATMs, and paid parking systems useless. Known ransomware-as-a-service organisations seem to have targeted both businesses. ALPHV.

The California Office of the Attorney General reported a data breach involving Caesars Entertainment, Inc. on October 11, 2023. The breach, which occurred between August 23, 2023, and September 6, 2023, involved suspicious activity related to an attack on an IT support vendor. The breach affected an unspecified number of individuals' loyalty program data, including names and potentially other sensitive information, though no evidence was found for compromised customer passwords, bank details, or payment card numbers.

Caesars Entertainment Inc. paid hackers who threatened to leak the company's data by breaking into the company's servers 10 millions of dollars. Requests for comments were not answered by Caesars. Shares of the business decreased 2.7% to $52.35. The hackers first breached a third-party IT vendor before gaining access to the company’s network.

Eureka Casino Settles $1M Class-Action Lawsuit Over 2022 Data Breach The Eureka Casino in Mesquite, Nevada, has agreed to a $1 million settlement in a class-action lawsuit stemming from a 2022 cyberattack that exposed the personal data of 229,000 customers and employees. The breach, which occurred four years ago, compromised sensitive information, including full names, Social Security numbers, and driver’s license details. Plaintiffs alleged the casino failed to notify victims promptly, delaying alerts by nearly a month a lapse that heightened risks of identity theft and financial fraud. Under the settlement, affected individuals may claim up to $5,000 each, provided they can demonstrate direct financial harm. Any unclaimed funds will be distributed proportionally among claimants, with submissions due by May 11, 2026. The incident underscores the growing threat to the gaming industry, with other major casinos like Wynn Resorts and Caesars Entertainment also facing recent breaches. In 2023, Caesars reportedly paid $30 million to hackers to prevent the release of stolen data, highlighting the sector’s vulnerability to cyber extortion.

Scattered Spider Leader Pleads Guilty in $8M Cryptocurrency Heist A 24-year-old British national, Tyler Robert Buchanan alleged leader of the cybercrime group Scattered Spider has pleaded guilty in the U.S. to charges of wire fraud and aggravated identity theft. Prosecutors accuse Buchanan and four co-conspirators of stealing at least $8 million in cryptocurrency between September 2021 and April 2023 through a series of SMS phishing (smishing) attacks targeting employees at over a dozen companies. The victims spanned multiple industries, including entertainment, telecommunications, IT, cloud communications, and cryptocurrency services. The group used fraudulent text messages impersonating legitimate IT or business process outsourcing (BPO) suppliers, directing victims to fake login pages to harvest credentials. With stolen access, they executed SIM swap attacks, hijacking phone numbers and cryptocurrency wallets to siphon funds. Buchanan was arrested in June 2024 in Palma de Mallorca, Spain, and has been in U.S. custody since April 2025. He faces a maximum sentence of 22 years and is scheduled for sentencing on August 21, 2026. Three accomplices Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans were charged in November 2024 with similar offenses, carrying potential 20-year prison terms. A fourth member, Noah Michael Urban (aka Sosa/Elijah), was sentenced to 10 years in 2024 after pleading guilty to related charges. Scattered Spider, also known as 0ktapus, UNC3944, and Octo Tempest, is a loosely organized, English-speaking collective of young hackers (some as young as 16) that operates via Telegram, Discord, and hacker forums. The group employs social engineering, MFA bombing, and SIM swapping to breach corporate networks. Since 2023, they have collaborated with Russian ransomware gangs, including BlackCat/AlphV, Qilin, and RansomHub. Notable attacks linked to Scattered Spider include breaches at MGM Resorts, Caesars, Riot Games, MailChimp, Twilio, DoorDash, and Reddit. In July 2024, UK authorities arrested a 17-year-old suspect tied to the 2023 MGM ransomware attack, further underscoring the group’s role in high-profile cybercrime.