UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM
CURRENT REPORT
Pursuant to Section 13 or 15(d)
of the Securities Exchange Act of 1934
Date of Report (Date of earliest event reported):
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation) |
(Commission File Number) |
(IRS Employer Identification No.) |
|
||
(Address of principal executive offices) | (Zip Code) |
Registrant’s telephone number, including area code:
Not Applicable
(Former name or former address, if changed since last report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) |
Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) |
Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) |
Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) |
Securities registered pursuant to Section 12(b) of the Act:
Title of Each Class |
Trading |
Name of each exchange | ||
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Item 8.01 | Other Events. |
Caesars Entertainment, Inc. (the “Company,” “we,” or “our”) recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company. Our customer-facing operations, including our physical properties and our online and mobile gaming applications, have not been impacted by this incident and continue without disruption.
After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network. We also launched an investigation, engaged leading cybersecurity firms to assist, and notified law enforcement and state gaming regulators. As a result of our investigation, on September 7, 2023, we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database. We are still investigating the extent of any additional personal or otherwise sensitive information contained in the files acquired by the unauthorized actor. We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorized actor.
We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused. Nonetheless, out of an abundance of caution, we are offering credit monitoring and identity theft protection services to all members of our loyalty program. To sign up for these services, members may call (888) 652-1580 from 9:00 a.m. to 9:00 p.m. Eastern Time, Monday through Friday other than holidays.
Additionally, we will be notifying individuals affected by this incident consistent with our legal obligations. These notifications will be made on a rolling basis in the coming weeks. In the meantime, individuals with questions may contact the dedicated incident response line we have established to address questions about this incident, which can be reached at (888) 652-1580 from 9:00 a.m. to 9:00 p.m. Eastern Time, Monday through Friday other than holidays.
While no company can ever eliminate the risk of a cyberattack, we believe we have taken appropriate steps, working with industry-leading third-party IT advisors, to harden our systems to protect against future incidents. These efforts are ongoing. We have also taken steps to ensure that the specific outsourced IT support vendor involved in this matter has implemented corrective measures to protect against future attacks that could pose a threat to our systems.
We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined. Although we are unable to predict the full impact of this incident on guest behavior in the future, including whether a change in our guests’ behavior could negatively impact our financial condition and results of operations on an ongoing basis, we currently do not expect that it will have a material effect on the Company’s financial condition and results of operations.
The trust of our valued guests and members is deeply important to us, and we regret any concern or inconvenience this may cause.
For additional information, please visit https://response.idx.us/caesars. Information set forth on that website is not incorporated herein by reference.
Forward-Looking Statements
This report includes “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. When used in this report, the terms or phrases such as “anticipates,” “believes,” “projects,” “plans,” “intends,” “expects,” “might,” “may,” “estimates,” “could,” “should,” “would,” “will likely continue,” and variations of such words or similar expressions are intended to identify forward-looking statements. Examples of such statements include, but are not limited to, the scope of data that was accessed and copied by the unauthorized actor; the efficacy of the steps that we have taken to prevent the release of customer data and future cybersecurity incidents; and the impacts of the cybersecurity incident on our guests and on the Company’s business, financial condition and results of operations. We may uncover additional facts not currently known to us, which may cause us to reassess such matters. Factors that could cause actual results to differ materially from those expressed or implied include the following: the ongoing assessment of the cybersecurity incident and our ability to fully assess and remedy the incident; the impact of the cybersecurity incident on our guests and our relationship with existing and future guests; legal, reputational and financial risks resulting from the cybersecurity incident or additional cybersecurity incidents; our ability to recover under our cybersecurity insurance policies and make indemnification claims against third parties; our ability, and the ability of our outsourced vendors, to implement corrective measures to protect against future cybersecurity incidents; litigation or regulatory proceedings that may be brought against the Company as a result of the cybersecurity incident; and the other factors set forth in the Company’s Annual Report on Form 10-K for the year ended December 31, 2022, and other public filings with the Securities and Exchange Commission.
These forward-looking statements speak only as of the date of report, even if subsequently made available on our website or otherwise, and we assume no obligation to update any forward-looking as a result of new information or future events or developments, except as may be required by law.
Signatures
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
Date: September 14, 2023 | CAESARS ENTERTAINMENT, INC. | |||||
By: | /s/ Edmund Quatmann, Jr. | |||||
Name: | Edmund Quatmann, Jr. | |||||
Title: | Chief Legal Officer, Executive Vice President and Secretary |