Feb. 28–Sands Casino Bethlehem officials late Friday revealed that computer hackers who took over the company websites on Feb. 11 also accessed the private information of tens of thousands of customers who visited the Bethlehem facility since it opened in 2009.
In a filing with the U.S. Securities and Exchange Commission, Las Vegas Sands Corp. stated that the “legally protected” personal information of customers who have visited the Bethlehem Casino was breached by hackers.
It was previously divulged that the hackers had made public some personal information of employees at the Bethlehem gambling hall, including Social Security numbers.
In its filing Sands did not specify what “legally protected” information includes, but the term generally refers to such things as driver’s license numbers, passport information and Social Security numbers.
It’s unclear whether it would include credit card numbers, but a Las Vegas Sands Corp. spokesman said every customer will be notified by letter in the next few days about exactly what information was released. The company also will offer free enrollment in credit monitoring and credit protection services.
In its statement, Sands said “a fraction of 1 percent” of all visitors to the Bethlehem Casino complex since it opened in 2009 had their information released.
However, considering that Sands Bethlehem is Pennsylvania’s most visited casino, hosting more than 8 million people a year at its casino, hotel, and outlet mall and concert venue, the personal information of tens of thousands of customers has been compromised.
“We have now determined that some legally protected guest data at Sands Bethlehem has been compromised. As of today, the number of customers we have identified represents a very small percentage (a fraction of one percent) of our total visitation there since opening. We also know that a mailing database, similar to what any direct marketing firm would use for promotional purposes, was also stolen,” corporate Spokesman Ron Reese said in a written statement. “We deeply regret that this data breach occurred, and we are working to ensure that the identified customers are protected. Las Vegas Sands is providing credit card monitoring and identity theft protection and we are notifying those customers about this coverage.
“We have also made a toll free number and a website available for anyone with questions or concerns. The Sands Bethlehem Data Breach Information Line can be reached at 1-866-579-2213 and the website address is http://www.sandsinfo.com,” Reese said. “We continue to work diligently with law enforcement officials and internal and external forensic IT experts to recover damaged data, restore lost data and determine the extent of data impacted in Las Vegas, as well as to ensure that the cyber criminals are identified and prosecuted.”
Las Vegas Sands is the world’s largest gambling company, with a market capital value of $66 billion and casinos in Bethlehem, Las Vegas, Singapore and Macao, China.
The first indication that hackers had attacked the company’s web pages came Feb. 10, when email accounts for thousands of Sands employees in Bethlehem and Las Vegas were shut down. Then Feb. 11, the Bethlehem casino’s website was hacked, prompting Las Vegas Sands to shut down all of its casino websites.
The hack began at about 12:15 p.m. Feb. 11, and for roughly 30 minutes hackers took over the site. The site showed a map of the world with flames burning in the locations where each Las Vegas Sands Casino is located, and a running scroll of employee names, Social Security numbers and email addresses for what appeared to be hundreds of Bethlehem casino workers.
A week later, it became clear that the hackers had used the Bethlehem Casino website as the portal to get into the global company’s system.
A motive for the hacking remains unclear, but Las Vegas Sands CEO Sheldon Adelson has been outspoken, especially in support of Israel. He has suggested a nuclear strike in the Iranian desert if necessary to prevent Iran from getting nuclear weapons.
The hacked website stated: “Damn A, don’t let your tongue cut your throat. Encouraging the use of weapons of mass destruction, under any conditions, is a crime.”
The short statement was signed by the “Anti WMD team.”
Hackers appeared to take over the site shortly after noon Feb. 11, and the company had it shut down by 12:45 p.m. that day.
Matthew.assad@mcall.com
610-820-6691
