Sands casino says player information compromised during breach

The Sands Corporation, a casino operation with properties around the world, has confirmed that player information was compromised during an attack last month.

In early February, the "Anti WMD Team" defaced the corporate website of Sands Corporation. The firm is responsible for several casinos, including Bethlehem Sands in Pennsylvania, the Venetian and Palazzo hotels, in Las Vegas, Marina Bay Sands in Singapore, and hotels in Macau, China.

The defacement appeared to be the result of comments made by casino owner Sheldon Adelson, who is said to have passively commented his support for the usage of nuclear weapons against Iran. At the time, the casino pulled their websites offline, and kept them down for some time while the situation was addressed.

In statements to media, a spokesperson for Sands Corporation said they were working with law enforcement; and in an interview with the Associated Press, Nevada Gaming Control Board chairman A.G. Burnett said that gamer personal information, as well as financial information was not part of the incident and remained secure.

Shortly after the initial defacement incident, the "Anti WMD Team" released an eleven minute video, which has since been removed by YouTube for TOS violations, showing the group sorting more than 800GB of data taken from casino.

The video examines various including hundreds of documents pertaining to IT operations (including password lists and network topology maps), human resources, and more from the Bethlehem location. After the video's release, Sands said that there was no evidence that player information was at risk, but they admitted that employee information had been compromised.

On Friday, within regulatory filings, the casino said that in addition to employee data, player data was compromised as well. A spokesperson for the company said that at this point, the number of customers impacted is in the mid-five figure range.

"We believe that compromised information may have included credit card information or bank account information, as well as social security numbers, driver’s license numbers, and other confidential information used to initiate a line of credit, for tax reporting purposes or for gaming."

In addition, a database similar to one that a directing marketing campaign would utilize was also compromised. Players that have been confirmed to be impacted will be contacted directly by Sands Bethlehem, and offered one year of free credit monitoring.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.