iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Casino and gambling giant MGM Resorts has revealed the cost of a cyber attack that took many of its Las Vegas operations offline in September.
MGM made the announcement in an SEC 8-K filing last week detailing the financial impact of the incident to shareholders.
According to the filing, the incident has cost MGM About US$100 million across its hotels and other venues on the Las Vegas strip. The company has also said that it incurred costs of “less than $10 million in one-time expenses” in relation to consulting costs, legal fees, and the “expenses of other third-party advisors”.
The filing also details some of the business impacts of the incident. While MGM believes the incident will have a material effect on its yearly results, hotel occupancy was down from 93 per cent to 88 per cent in September as a result of the ransomware attack, while for October, occupancy is expected to be just a single percentile down from its usual 94 per cent rate.
MGM has also confirmed that some customer data was compromised. While the company does not believe financial and bank details were impacted, some historical data belonging to customers prior to 2019 were accessed. This includes basic personal information, email and postal addresses, and driver’s license numbers.
“For a limited number of customers, Social Security numbers and passport numbers were also obtained by the criminal actors,” the resort said in its filing. “The types of impacted information varied by individual.”
Some resort systems are still being affected, however.
“The company continues to focus on restoring the remaining impacted guest-facing systems, and the company anticipates that these systems will be restored in the coming days,” it said.
The ransomware attack occurred in early September 2023, with the ALPHV ransomware gang taking responsibility. MGM was forced to shut down many of its hotel and gambling systems, and confused reporting on the incident led to the threat actor releasing a lengthy, detailed statement on the background of the hack.
Since then, the company is also facing a number of legal challenges. Five class actions have been launched against the company, alleging that MGM did not adequately disclose the breach and that customer data was not properly secured.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
