Data Breach
MGM Resorts International have provided an update following the data breach that occurred on September 11 2023. The hospitality and entertainment company are assuring customers that no bank account or card payment details were compromised during the breach.
In early September, a third party acquired unauthorised access to customer information held by the company. This included personal details such as names, phone numbers, addresses, email addresses, gender, date of birth, and driver's license numbers. The company also said that they believe: “a more limited number of” Social Security numbers and passport numbers were also accessed.
The company is now that passwords, bank account numbers, and credit or debit card information remain safe. A statement from the hospitality giant said that they have no evidence to suggest the data was accessed to carry out further identity theft or account fraud.
The attack targetted MGM Resorts’ website, their online reservation service, as well as services inside their Las Vegas outlet. The in-house services affected included cash machines, slot machines, and credit cards.
Reuters reported that hacking groups Scattered Spider and AlphV were involved in the attack. They worked together to infiltrate MGM systems and stole the data with the intention of holding MGM to ransom. This request was reportedly denied by MGM.
Shutdown
In response to the attack, MGM shut down its systems to contain the damage. They also released a statement confirming it had taken place. Customers were immediately reassured that MGM was working with cyber-security specialists in response.
Law enforcement was contacted at the time, and The FBI has now taken up the case and is investigating this instance along with other attacks carried out around the same time. Caesars Entertainment was also targeted in a similar breach recently.
The attack caused issues for guests at the casino. After the attack occurred, customers at the Las Vegas strip hotel posted pictures of error messages on slot machines and massive queues at the hotel.
A Big Cost
While the ransom was reportedly not paid, the attack will come at a big cost for MGM. Reports indicate that the company expects its third-quarter profits to take a hit of around $100 million. MGM Resorts made around $3.2 billion in Q3 of 2022. The annual gross profit for 2022 was $6.475 billion, a 39.25% increase from 2021.
The company believes they will also have spent $10 million on risk remediation, legal fees, third-party advisory, and incident response measures but that they will be fully covered by cybersecurity insurance. On the Wednesday following the attack, MGM Resorts International's share prices dropped notably.
