Casino Operator Olympia Gaming Hit By Cybersecurity Breach

Olympia Gaming, the Nevada-based casino operator behind Legends Bay in Sparks and Casino Fandango in Carson City, has become one of the latest victims of a cybersecurity breach. Local NBC affiliate KRNV disclosed this week that certain systems within its operations were compromised, though the full extent of the attack remains unclear.

Olympia Gaming said that it has acted to contain the breach and prevent further damage and that it has implemented immediate measures to secure its systems. However, specific details about the scope of the attack and the potential data affected have not been disclosed.

To navigate this complex situation, Olympia Gaming is collaborating with national external cybersecurity specialists. These experts, which Olympia didn’t name, are tasked with identifying the perpetrators and assessing the overall impact of the cyberattack.

This incident at Olympia Gaming is part of a troubling trend of cyberattacks targeting casino operators. Notably, MGM Resorts and Caesars Entertainment are two of the more recent victims of similar breaches.

The infamous hacker group Scattered Spider is allegedly behind these high-profile attacks. It has claimed attacks on more than 45 U.S.-based companies, allegedly receiving millions of dollars in payouts.

Scattered Spider leader nabbed

This week, significant progress was made in the investigation into Scattered Spider’s activities. A 22-year-old alleged leader from the U.K., who authorities have not identified publicly, was apprehended in Spain.

Authorities captured him at Palma de Mallorca airport as he was about to board a flight to Italy, acting on a tip-off from the FBI. There are possibilities that this individual could face extradition to the U.S. to stand trial for his alleged crimes.

The crackdown on Scattered Spider began earlier this year. In January, 19-year-old Noah Michael Urban, another suspected member of the group, was arrested. It isn’t clear if he may have given up information that led to the arrest of the ringleader.

It’s believed that the individual could have had access to over $27 million in cryptocurrency, although that was only a portion of what Scattered Spider may have collected over the course of its activities. MGM didn’t pay a ransom; however, Caesars, after initial denials, ultimately admitted that it handed over $15 million.

The arrest of the two individuals may hinder Scattered Spider’s capabilities, but probably not for long. Cybersecurity expert and ReliaQuest Senior VP of Security Operations Michael McPherson recently warned, “While this uncertainty persists, the group’s activities will likely result in a short-term reduction in their output. However, if the international law enforcement is unable to sustain this pressure on the group by conducting follow-on arrests it is likely that the group will view the arrest merely as a speed bump and either move forward under new leadership or restart their operations.”

MGM battles the FTC

The attack on MGM Resorts has also drawn significant regulatory scrutiny. The Federal Trade Commission (FTC) has launched an investigation to determine whether MGM took sufficient measures to protect its customers’ personal information and ensure the security of its systems.

However, MGM’s response to this investigation has been less than cooperative. Now, the FTC has filed a request through federal court to compel MGM to comply with its Civil Investigative Demand (CID). The CID is a legal mechanism that allows the FTC to gather necessary information during its investigations.

By filing a petition, the FTC is asking a judge to mandate that MGM provide the requested documents and details concerning the cyberattack. MGM has been unyielding in its resistance to the FTC’s efforts, going so far as to sue the FTC to try to stop its investigation. The company has argued that the agency has no jurisdiction in the matter since it is not a financial institution.