Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







MGM Resort Expects $100 Million Fallout from Recent Cyberattack

Executive Summary

MGM Resorts International, one of the world’s largest gambling firms, recently suffered a cyberattack resulting in a projected $100 million financial hit for the third quarter.

Although the breach exposed sensitive customer data predating March 2019, no evidence of identity theft or fraud has emerged. Also, the company determined that no customer bank or payment information was compromised.

MGM Resorts expects a minor dip in occupancy rates for October but anticipates a strong fourth quarter.

Despite the financial impact, MGM Resorts believes it has adequate insurance coverage, though the full extent of the breach’s consequences is yet to be determined.

Attack and Response

MGM Resorts promptly responded to the cyberattack by shutting down its systems to contain potential damage.

Customers shared images on social media following the attack, showing slot machines displaying error messages and long queues at hotels in Las Vegas. MGM has not commented on whether any ransom was demanded or paid.

While we experienced disruptions at some of our properties, operations at our affected properties have returned to normal, and the vast majority of our systems have been restored

said MGM Resorts President and CEO Bill Hornbuckle in an open letter to customers.

Hornbuckle apologized to customers and also expressed gratitude to employees who were stretched thin by the attack, as hotel services like reservations, casino gaming, digital keys and other services were disrupted.

For more information about the MGM cyberattack, you can visit the following news articles about the attack:

Data Breach Details

MGM Resorts filed a consumer MGM Resorts filed a consumer breach notice with the Maine Attorney General’s office on October 5th, revealing that the breach was initially discovered between September 8 and September 12. According to the notice, the company determined on Sept. 29 that an unauthorized actor obtained the data of MGM Resorts customers on Sept. 11. Impacted customers are being notified via email.

The breach compromised the private data of customers who had used MGM services before March 2019. This included contact information, gender, date of birth, and driver’s license numbers. The company also suspects a limited number of Social Security numbers and passport numbers were accessed.

We have no evidence that the criminal actors have used this data to commit identity theft or account fraud.

MGM clarified
Financial Impact

The full extent of the costs and impacts of the breach is still unknown. However, MGM estimates that its adjusted property core profit for its Las Vegas Strip division will be negatively impacted by approximately $100 million.

Additionally, they anticipate incurring around $10 million in one-time costs for the quarter ending on September 30.

They also expect a slight decline in occupancy, with a decrease from 94% to 93% in October compared to the same month in the previous year.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.