Las Vegas Sands Customer Data Stolen in Hacking Incident

Posted on: March 5, 2014, 05:30h. 

Last updated on: March 5, 2014, 05:00h.

Hackers who cracked the Las Vegas Sands Corporation websites in February made off with some customer data as well, authorities say (Image:

Most players who walk into a casino know that they’re likely to lose on any given night. But while they might expect the casino to possibly take their money, customers at one casino suffered losses of another kind when hackers gained access to their personal data.

Computer hackers stole data from customers of the Las Vegas Sands corporation last month, gaining access to the Social Security numbers and drivers license numbers of many players at the Sands Bethlehem, a casino run by the company in Pennsylvania. It was unclear if any information related to credit cards or other financial accounts was affected by the breach.

Sands is also working to see if any information was stolen from customers at their other properties around the world. The company owns and operates casinos in Las Vegas, Macau, Singapore and in other markets.

Database Breached

The information was stolen along with a mailing database similar to the databases run by direct marketing firms, political campaigns and other groups that look to market to known customers or supporters. Overall, less than one percent of all visitors to the Bethlehem casino were affected by the breach, according to company executives.

In order to help customers who had been affected by the information theft, Sands notified those individuals who had data stolen. They also said they will be providing those customers with credit monitoring and identity theft protection, and have set up a toll-free number for customers who may have questions about the situation.

“We are committed to ensuring the security of all data that our guests and team members entrust to us, and are providing free credit report monitoring and identity theft protection service through Experian to identified customers by the data breach,” the company said in a statement.

It appears that the data was stolen during a major cyber attack that took place on February 10 and 11. That attack resulted in hackers changing the home pages of several Sands-related websites to condemn Sands CEO Sheldon Adelson for comments he made about attacking Iran with nuclear weapons. At the time, it was clear the hackers had at least gained some information on Sands employees, as the sites posted Social Security numbers for several who worked at the Sands Bethlehem.

The Sands websites were down for nearly a week after the attack, and internal systems were also down for a time. Corporate employees had to work for days without access to work computers or email accounts.

Passwords Also Stolen

The extent of the attack was better understood last week when an anonymous video was posted online showing additional information that was stolen during the incident. That included passwords that administrators used for slot machine systems and some of the player information taken from the Bethlehem casino databases.

The attack was reported to officials, and the FBI and Secret Service are continuing to investigate the attack.

According to an annual Securities and Exchange Commission report that the Sands filed last Friday, the attack may also have destroyed some company data, though the extent of the problem was unclear. Sands officials were as yet unsure whether any financial losses were suffered as a result of the attack, or how large those losses could be.