February 28, 2014|By Matt Assad, Of The Morning Call
Sands Casino Resort Bethlehem late Friday revealed that computer hackers who took over the company websites on Feb. 11 also accessed the private information of tens of thousands of customers who visited the gambling hall since it opened in 2009.
In a filing with the U.S. Securities and Exchange Commission, Las Vegas Sands Corp. stated that the "legally protected" personal information of customers who have visited the Bethlehem casino was breached by hackers.
It was previously divulged that the hackers had made public some personal information of employees at the casino, including Social Security numbers.
In its filing Sands did not specify what "legally protected" information includes, but the term generally refers to such things as driver's license numbers, passport information and Social Security numbers — all identifications Sands patrons use to rent rooms and apply for player cards.
It's unclear whether it would include credit card numbers, but a Las Vegas Sands Corp. spokesman said every affected customer will be notified by letter in the next few days about exactly what information was released. Any customer not contacted can assume his or her information was not compromised.
The company is offering free enrollment in credit monitoring and credit protection services to all affected customers.
In its statement, Sands said "a fraction of one percent" of all visitors to the Bethlehem casino complex since it opened in 2009 had their information released.
However, Sands Bethlehem is Pennsylvania's most visited casino, hosting more than 8 million people a year at its casino, hotel, outlet mall and concert venue. One percent would amount to more than 40,000 people whose personal information may have been accessed.
Las Vegas Sands spokesman Ron Reese would say only say the number is "in the mid-five figures."
In a statement, Reese said: "We have now determined that some legally protected guest data at Sands Bethlehem has been compromised. As of today, the number of customers we have identified represents a very small percentage (a fraction of one percent) of our total visitation there since opening. We also know that a mailing database, similar to what any direct marketing firm would use for promotional purposes, was also stolen. We deeply regret that this data breach occurred, and we are working to ensure that the identified customers are protected."
The statement continues: "We have also made a toll-free number and a website available for anyone with questions or concerns. The Sands Bethlehem Data Breach Information Line can be reached at 1-866-579-2213 and the website address is http://www.sandsinfo.com. We continue to work diligently with law enforcement officials and internal and external forensic IT experts to recover damaged data, restore lost data and determine the extent of data impacted in Las Vegas, as well as to ensure that the cyber criminals are identified and prosecuted."
The FBI and U.S. Secret Service continue to investigate the breach, but have not commented on who may have done it or why.
The investigation included dissecting an 11-minute video, posted on YouTube, in which the hackers appeared to be accessing internal company folders, files and databases. It also showed employee files and a diagram of internal networks.
It's been a tumultuous two weeks for the Bethlehem casino. Wednesday, Robert DeSalvio — the casino's only CEO since it opened — announced his resignation. Sands' corporate President Michael Leven quickly dispelled any speculation that it was related to the Feb. 11 data breach, saying the company was disappointed by his departure and wished him well in his next endeavor.
Three sources later said DeSalvio resigned to lead Wynn Resorts in its efforts to open a $1.2 billion casino outside Boston. DeSalvio, who has not commented and has referred all questions to Reese, will remain at the Bethlehem Sands casino until March 14.
Las Vegas Sands is the world's largest gambling company, with a market capital value of $66 billion and casinos in Bethlehem, Las Vegas, Singapore and Macao, China.
The first indication that hackers had attacked the company's Web pages came Feb. 10, when email accounts for thousands of Sands employees in Bethlehem and Las Vegas were shut down. Then Feb. 11, the Bethlehem casino's website was hacked, prompting Las Vegas Sands to shut down all of its casino websites.
The hack began about 12:15 p.m. Feb. 11, and for roughly 30 minutes hackers took over the site. The site showed a map of the world with flames burning in the locations where each Las Vegas Sands casino is located, and a running scroll of employee names, Social Security numbers and email addresses for what appeared to be hundreds of Bethlehem casino workers.
A week later, it became clear that the hackers had used the Bethlehem casino website as the portal to get into the global company's system.
A motive for the hacking remains unclear, but Las Vegas Sands CEO Sheldon Adelson has been outspoken, especially in support of Israel. He has suggested a nuclear strike in the Iranian desert, if necessary, to prevent Iran from getting nuclear weapons.
The hacked website stated: "Damn A, don't let your tongue cut your throat. Encouraging the use of weapons of mass destruction, under any conditions, is a crime."
The short statement was signed by the "Anti WMD team."
Hackers appeared to take over the site shortly after noon Feb. 11, and the company had it shut down by 12:45 p.m. that day.
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
610-820-6691
| < Prev | Next > |
|---|