Overview
On July 29, 2024, Cohen Milstein and co-lead counsel, filed a consolidated class action complaint in In Re: Data Breach Security Litigation Against Caesars Entertainment, Inc., a putative consumer protection class action arising from a cyberattack that occurred on or around August 23, 2023. The cyberattack allegedly impacted the personal identifiable information (“PII”) of more than 65 million members of Caesars Rewards Members at Caesars Entertainment, which operates hotel casinos throughout Las Vegas and the United States. The data breach was discovered on September 7, 2023.
Plaintiffs, who are members of Caesars’ Rewards program, allege that the breach was the result of Caesars negligence in managing its data security protocol and that customers were not informed of the issue in a timely manner, despite Caesars disclosing the cyber-attack in a September 14, 2023 Securities Exchange Commission filing and on a website.
Important Rulings
- On June 13, 2024, Magistrate Judge Brenda Weksler of the United States District Court for the District of Nevada appointed Douglas J. McNamara, a partner in Cohen Milstein’s Consumer Protection practice, as Interim Co-Lead Class Counsel, a three firm leadership team.
Case Background
Caesars Entertainment, Inc. (NASDAQ: CZR), is a multibillion-dollar entertainment company, operating more than 50 casino gaming and resort properties across the United States.
Plaintiffs are current and former members of Caesars Rewards program. With over 65 million members, Caesars purportedly has one of the largest loyalty programs in the industry.
In exchange for entrusting Caesars with highly sensitive PII such as their full legal name, full address, date of birth, drivers’ license number, passport numbers, and social security number, purchase information, gaming activity information, biometric information, and other sensitive data, members of Caesars’ Rewards program receive a variety of Caesars’ products and/or services.
Plaintiffs allege that the data breach, which was discovered on September 7, 2023, was perpetrated by a cybercriminal group called “Scattered Spider,” which infiltrated an IT vendor of Caesar Entertainment through social engineering. As a result, the group was able to download the six-terabyte Caesars’ loyalty program member database, which included PII of the more than 65 million rewards program members. The group then demanded a $30 million ransom, of which Caesars reportedly paid $15 million.
Plaintiffs claim that the breach was the result of Caesars negligence in managing its data security protocol and that customers were not informed of the issue in a timely manner. Specifically, plaintiffs claim that despite Caesars disclosing the attack in a September 14 Securities Exchange Commission filing and on a website, Caesars did not explain the breadth of the breach to the SEC.
Plaintiffs further allege that Caesars exasperated the harm by waiting until sometime between October 6 and 18, 2023 to officially notify states’ attorneys general’s offices and send individual notices to the affected Caesars Rewards members that their PII was included in the data breach.
Plaintiffs seek to remedy these harms on behalf of themselves and all similarly situated consumers whose PII was stolen in the Data Breach. including the deletion of Class Members’ information from unsecured locations, as detailed below.
Case name In Re: Data Breach Security Litigation Against Caesars Entertainment, Inc., Case No. 2:23-cv-01447, United States District Court for the District of Nevada