(AsiaGameHub) – Caesars Entertainment is currently confronting a class action lawsuit over alleged data breaches that occurred in 2023 and once more earlier this year.
The firm experienced a highly publicized security compromise in September 2023. The lawsuit claims the company failed to address its security flaws and suffered another data hack in early 2026.
The plaintiff, Mark Huddleston, asserts his data was stolen by cybercriminals, and holds Caesars responsible for failing to properly safeguard his personal information.
“Caesars ignored the rights of the Plaintiff and Class Members by negligently failing to implement reasonable measures to safeguard Private Information and by skipping necessary steps to prevent unauthorized disclosure of that information,” the complaint states.
“Caesars’s woefully inadequate data security measures made the Data Breach a foreseeable, and even likely, consequence of its negligence.”
Huddleston is a Texas resident and states he has been a Caesars Rewards member since 2007. He submitted the lawsuit to the U.S. District Court in Nevada, where Caesars maintains its headquarters.
Caesars Paid Ransom to Limit Harm From the Hack
In 2023, Caesars is reported to have paid a $15 million ransom to the hacking group Scattered Spider.
At the time, Caesars released a statement saying, “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result. We are actively monitoring the internet and have not found any evidence that the data has been further shared, published, or otherwise misused.”
The lawsuit alleges that the breach exposed Huddleston and other similarly affected individuals to “threats of identity theft crimes, fraud, scams, and other misuses of their Private Information.”
It notes the lawsuit meets class action eligibility requirements as total damages exceed $5 million stemming from the compromise of more than 100 customers’ data.
Caesars Delayed Notifying Authorities and Users
The Scattered Spider attack specifically targeted Caesars Rewards members, impacting as many as 65 million users. Caesars did not immediately alert authorities or its customers of the incident.
In a LinkedIn post, Cybersecurity Strategist Matthew Rosenquist claims the actual attack took place in August 2023, but Caesars did not report it until September. The company then mailed a notification letter to users (copy included below) in October.
“Time is of the essence when highly sensitive Private Information is subject to unauthorized access and/or acquisition,” the lawsuit states. “The disclosed, accessed, and/or acquired Private Information of Plaintiff and Class Members is now likely available on the Dark Web.”
Second Breach Took Place Earlier This Year
The lawsuit claims that Caesars failed to adequately protect data following the 2023 attack, leading to a second breach earlier this year. This incident has received far less public attention, but the lawsuit references a March article that cites social media rumors of another attack.
A post on X alleged that Caesars employees lost access to Okta, an internal system used to manage login credentials.
The lawsuit alleges that the stolen data includes, “at a minimum, Plaintiff’s and Class Members’ contact information and dates of birth. But based on the types of Private Information that were taken in the 2023 breach, it can be expected that even more sensitive information, including Social Security numbers and driver’s license numbers were also stolen in 2026.”
The complaint alleges that the repeated breaches violate Federal Trade Commission’s (FTC) guidelines. The FTC did not issue any sanctions against Caesars for the 2023 breach.
Last year, the company was ordered to pay a $7.8 million fine over anti-money laundering failures. The casino group is alleged to have allowed illegal bookmakers to launder funds at its properties.
Earlier this month, a former employee also filed a lawsuit against the company, alleging his termination was the result of racial discrimination.
This article is provided by a third-party. AsiaGameHub (https://asiagamehub.com/) makes no warranties regarding its content.
AsiaGameHub delivers targeted distribution for iGaming, Casino, and eSports, connecting 3,000+ premium Asian media outlets and 80,000+ specialized influencers across ASEAN.