Caesars Fined in Michigan After Player Exploits Unsecured System

How the breach unfolded

According to MGCB documents, the issue stemmed from an unsecured internal application used to update patron account balances after cash deposits.

Caesars, operating under its William Hill license in Michigan, mistakenly allowed a customer to access the tool directly. Between April 12 and April 28, 2023, the player executed 116 false deposits totaling $2,156,625 without providing actual funds.

Using the inflated balance, the customer placed nearly 10,000 wagers worth over $88 million in just 16 days. While most of the bets lost, he managed to withdraw $591,469.65 before the flaw was identified.

The case was self-reported by Caesars, which acknowledged the violation in an agreement with regulators. MGCB Executive Director Henry Williams signed the consent order in August 2025.

Caesars’ penalty and response

The $100,000 fine was assessed for failing to maintain adequate internal controls rather than for endangering player funds. In a compliance meeting, Caesars representatives emphasized that the company:

• Detected and reported the error itself,

• Cooperated with law enforcement in prosecuting the player, and

• Worked with its Player Account Management (PAM) vendor to prevent recurrence.

The customer, identified as Jeffrey Saco, faced eight felony counts tied to fraud and false deposits. He reached a plea deal earlier in 2025 that included: three months in jail, three years of probation, and restitution payments to Caesars.

Saco paid $25,000 upfront in April 2025 and must continue monthly installments of $2,500 for the duration of his probation.

Court records note that he placed nearly 10,000 bets during the short period of access, illustrating both the scope of the loophole and the potential risk to operators if such vulnerabilities remain unchecked.