On September 10, MGM Resorts detected a significant data breach that is forecasted to result in expenses exceeding $100 million for the casino giant.
As a response to the cyberattack, MGM proactively shut down several of its computer systems at its properties across the United States.
The impact of the breach was immediately felt across MGM’s operations. Customers in locations including Las Vegas and various other states encountered issues: they were unable to process credit card transactions, withdraw cash, or even access their hotel rooms. The company worked diligently to address the disruptions, and by September 20, normal operations were resumed.
Though MGM has yet to provide a detailed account of the cyberattack, early indications point to the hallmarks of an extortionary ransomware attack. Should this be verified, the incident might be recognized as one of the most expensive ransomware attacks in history. While MGM has refrained from affirming these speculations, the potential implications raise concerns for the entire hospitality sector.
Delving deeper into the data accessed, it was revealed that the hackers successfully compromised a vast range of personal information. This included names, contact details, driver’s license numbers, and even a limited set of Social Security and passport numbers belonging to MGM customers. In a bid to alleviate concerns, MGM’s CEO, Bill Hornbuckle, has clarified that bank or payment card information of customers remained untouched.
In a report, it was shared that the hacking group AlphV, in partnership with another entity named Scattered Spider, took responsibility for the breach. Notably, their focus was on the data of patrons who utilized MGM’s services before March 2019. This subset of customers had their personal information, from basic contact data to more sensitive identification details, exposed.
Financially, MGM faces a daunting challenge. Beyond the anticipated $100 million in damages, there’s an expectation of further costs in the upcoming quarter related to the breach’s aftermath.