MGM Resorts Faces $100 Million Blow from Cyber Breach

Reading Time: ( Word Count: )

October 6, 2023
Nextdoorsec-course

MGM Resorts recently disclosed that it faced a significant cyberattack last month, which led to a financial setback of $100 million and a compromise of the personal data of its customers.

On September 11, 2023, the leisure and entertainment behemoth reported a digital security breach that affected its primary website, online booking platforms, and on-site amenities such as slot machines, credit card facilities, and ATMs.

Subsequent investigations identified the culprits behind this cyber onslaught as Scattered Spider, a subgroup affiliated with the infamous BlackCat/ALPHV ransomware collective.

Using adept social engineering techniques, these cybercriminals infiltrated MGM’s systems, extracting sensitive information and encrypting more than a hundred ESXi hypervisors.

The resulting system downtime had a wide-reaching effect, significantly hindering many of MGM’s operational facets.

According to an SEC FORM 8-K submission, “MGM’s September cybersecurity setback has projected an adverse financial impact of approximately $100 million on the Adjusted Property EBITDAR for the Las Vegas Strip Resorts and other regional activities. Notably, while the website and app bookings faced disruptions, the predominant effects were during September, with an occupancy rate of 88%.”

Beyond the $100 million in lost revenue, MGM also incurred additional costs nearing $10 million. These costs were associated with risk mitigation, legal counsel, expert consultancy, and actions taken in response to the incident. Thankfully, MGM’s cybersecurity insurance is anticipated to cover these expenses.

Also Read: Lyca Mobile Faces Network Disruption Following Cyberattack

MGM Resorts Faces $100 Million Blow from Cyber Breach

MGM emphasizes that while Q3 2023 will show these financial impacts, they don’t foresee any lasting detriment to their annual fiscal outcomes.

The company now confirms that the breach has been neutralized. Their customer-centric systems are operational again, and any remaining offline modules should be back on track soon.

However, MGM cautions that clients who interacted with the company before March 2019 might have had their personal data accessed. Impacted patrons received notifications detailing the potential exposure of various personal details, ranging from basic contact information to sensitive identifiers like Social Security Numbers and passport details.

Fortunately, MGM’s internal inquiry hasn’t found evidence of password, bank, or payment card information leaks.

As a remedial measure, MGM offers complimentary credit surveillance and identity safeguarding services to the affected parties. The company also urges customers to be proactive, advising, “It’s crucial to stay alert against potential fraudulent activities by regularly scrutinizing account activities and overseeing free credit updates. Moreover, always be skeptical about unexpected communication attempts seeking your personal data.”

This situation underlines the importance of cybersecurity vigilance and the potential ramifications of lapses.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *