Las Vegas Sands Says Customer Data Stolen in Cyber-AttackChristopher Palmeri
Las Vegas Sands Corp., the world’s largest casino company, said customer data at its Pennsylvania property was stolen in a cyber-attack on its computer systems this month.
The information included guests’ Social Security and drivers license numbers, and may also involve bank and credit-card data, the company said yesterday on a website.
“We have now determined that some legally protected guest data at Sands Bethlehem has been compromised,” the Las Vegas-based company said in a statement.
The latest details of the stolen data, made public in a company regulatory filing today, indicate the attack went beyond the defacing of company websites and knockout of its corporate e-mail systems. Recent attacks on Target Corp. and Neiman Marcus Group Ltd. have also underscored the vulnerability of private customer data to computer thieves.
As of yesterday, the affected guests numbered in the tens of thousands, or less than 1 percent of total visitors to the casino since its 2009 opening, according to Ron Reese, a company spokesman. A direct-mail-type database was stolen and other company data destroyed, Sands said. It is unable to determine the financial losses related to incident.
Sands said it’s notifying customers and providing credit-card monitoring and identity-theft protection.
Sands, controlled by billionaire Sheldon Adelson, disclosed on Feb. 11 that it was the victim a cyber-attack in which images of burning casinos were projected onto a company website along with a photo of Adelson and Israeli Prime Minister Benjamin Netanyahu.
On Feb. 18, the company said it restored its websites and revealed the hackers had breached internal hard drives. An 11-minute video on YouTube.com appeared to show dozens of administrator passwords, employee names and diagrams of the Sands’ computer network.
The U.S. Secret Service and FBI are investigating.
Sands gained 0.1 percent to $85.25 yesterday in New York. The shares have advanced 8.1 percent this year.