Overview
Cohen Milstein and co-lead counsel represent members of Caesars’ Rewards program in two consumer protection class actions against Caesars Entertainment, which operates hotel casinos throughout Las Vegas and the United States. Both of these class actionsarose from two separate cyberattack and subsequent data breaches that have adversely impacted tens of millions of Caesars’ Rewards members.
Plaintiffs claim that the two separate data breaches were a result of Caesars’ negligence in managing its data security protocol. Furthermore, customers claim that they were not informed of these breaches in a timely manner, despite Caesars disclosing the cyber-attacks on their website and in Securities Exchange Commission filings.
Finally, plaintiffs claim that despite having suffered a data breach in 2023, Caesars failed to implement the requisite security measures and failed to prevent another data breach from occurring in early 2026.
When Did the Data Breaches Occur?
- The first cyberattack occurred on or around August 23, 2023. The cyberattack was discovered on September 7, 2023. Carried out by Scattered Spider, the cyberattack allegedly compromised the personal identifiable information (“PII”), including social security information, of more than 65 million members of the Caesars’ Rewards program.
- The second cyberattack occurred on or around March 1, 2026. Once again, private customer information was taken by cybercriminals, exposing customers to an elevated and significant risk of fraud and identity theft.
Can I Sign Up for the Class Action Against Caesars?
Yes. If you believe your personal information was compromised by Caesars in the 2026 data breach, please complete the sign-up form in the margin of this page.
We are no longer accepting sign-ups for the 2023 data breach litigation.
Important Dates & Rulings
- On April 22, 2026, plaintiffs filed Huddleston v. Caesars Entertainment, Inc., relating to the 2026 data breach.
- On August 15, 2025, Judge Anne R. Traum for the United States District Court for the District of Nevada denied Caesars’ motion to dismiss, allowing plaintiffs to move forward in this putative data breach class action.
- On June 12, 2024, Magistrate Judge Brenda Weksler of the United States District Court for the District of Nevada appointed Douglas J. McNamara, a partner in Cohen Milstein’s Consumer Protection practice, as Interim Co-Lead Class Counsel, a three firm leadership team.
- On July 29, 2024, plaintiffs filed In Re: Data Breach Security Litigation Against Caesars Entertainment, Inc., relating to the 2023 data breach.
Case Background
Caesars Entertainment, Inc. (NASDAQ: CZR), is a multibillion-dollar entertainment company, operating more than 50 casino gaming and resort properties across the United States.
Plaintiffs in both lawsuits are current and former members of Caesars Rewards program. With over 65 million members, Caesars purportedly has one of the largest loyalty programs in the industry.
In exchange for entrusting Caesars with highly sensitive PII such as their full legal name, full address, date of birth, drivers’ license number, passport numbers, and social security number, purchase information, gaming activity information, biometric information, and other sensitive data, members of Caesars’ Rewards program receive a variety of Caesars’ products and/or services.
2023 Data Breach
Plaintiffs allege that the 2023. data breach, which was discovered on September 7, 2023, was perpetrated by a cybercriminal group called “Scattered Spider,” which infiltrated an IT vendor of Caesar Entertainment through social engineering. As a result, the group was able to download the six-terabyte Caesars’ loyalty program member database, which included PII of the more than 65 million rewards program members. The group then demanded a $30 million ransom, of which Caesars reportedly paid $15 million.
Plaintiffs claim that the breach was the result of Caesars negligence in managing its data security protocol and that customers were not informed of the issue in a timely manner. Specifically, plaintiffs claim that despite Caesars disclosing the attack in a September 14, 2023 Securities Exchange Commission filing and on a website, Caesars did not explain the breadth of the breach to the SEC.
Plaintiffs further allege that Caesars exasperated the harm by waiting until sometime between October 6 and 18, 2023 to officially notify states’ attorneys general’s offices and send individual notices to the affected Caesars Rewards members that their PII was included in the data breach.
2026 Data Breach
Plaintiffs allege that despite having suffered a data breach as recently as 2023, Caesars failed to implement the requisite security measures and failed to prevent another data breach from occurring on or around March 1, 2026.
Once again, private customer information was taken by cybercriminals, exposing putative class members to an elevated and significant risk of fraud and identity theft.
In both cases, plaintiffs seek to remedy these harms on behalf of themselves, and all similarly situated consumers whose personal information was stolen in the data breach.
Case name for the 2026 data breach: Huddleston v. Caesars Entertainment, Inc., Case No.: 2:26-cv-01237 (D. Nev.)
Case name for the 2023 data breach: In Re: Data Breach Security Litigation Against Caesars Entertainment, Inc., Case No. 2:23-cv-01447 (D. Nev.)