MGM Resorts $100 Million Customer Data Stolen in Ransomware Attack

The cyberattack that occurred in MGM Resorts in September, cost them $100 million. This attack enabled the hackers to take customer’s private data. They disclosed this cybersecurity issue on 11th September 2023.

It was revealed that this attack primarily had an effect on its website, online reservation systems, as well as, casino services, such as slot machines, credit card terminals, and ATMs. 

After some days, it was found out that the person responsible for the attack was an associate of a ransomware gang, popular as ‘Scattered Spider’. The hackers broke through MGM’s network with the help of social engineering and stole sensitive information. Not only this, they encrypted more than a hundred ESXi hypervisors.

The ransomware attack disturbed various business operations and went on for an increased time period, with the impact of the IT system outage. MGM is refusing to pay the ransom to remove the Ransomware virus.

MGM Uninfluenced By the Theft

A FORM 8-K filing with the SEC filing states, “[MGM] estimates a negative impact from the cyber security issue in September of approximately $100 million to Adjusted Property EBITDAR for the Las Vegas Strip Resorts and Regional Operations, collectively.”

MGM along with losing $100 million, also experienced a loss of less than $10 million. This covered the expenses for legal fees, third-party consultation, risk remediation, and incident response measures. MGM states that these expenses will be taken care of by their cybersecurity insurance.

Altogether, MGM declared that the economic hit will be restricted to the quarterly months of 2023 only. They don’t expect any notable impact on their yearly financial performance.

It is believed by MGM Resorts that the incident was subdued. All the guest-facing systems are completely reinstalled and the remaining systems that are offline will continue formal functioning in the upcoming days.

Stolen Customer Information

MGM warned that the hackers stole the personal information of customers who did a transaction with MGM before 2019 March. All the affected persons were notified, revealing to them that a few details were stolen by the cybercriminals.

The investigation did not disclose any signs that the customer’s passwords, bank account numbers, and payment card data were exposed to the hackers.

All those who were impacted by the data breach were offered credit card monitoring and identity protection services from the firm. They also warn the customers to stay alert from unprompted communications.

MGM Resorts also says, “We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your free credit reports.” Including, “We also recommend that you remain alert for unsolicited communications involving your personal information."