MGM Resorts International, a leading global gambling corporation, revealed that the cyber attack it suffered last month will have a significant financial impact, estimating a $100 million hit to its third-quarter results. The cyber security incident disrupted its operations, prompting MGM to shut down its systems to contain the damage and initiate restoration efforts.
Las Vegas, Nevada-based MGM Resorts International disclosed that expects to incur an additional one-time cost of less than $10 million related to the cyberattack for the quarter ending on September 30. Customers had reported disruptions in their experiences, including error messages on slot machines and queues at hotels in Las Vegas.
The hacking group AlphV claimed responsibility for the data breach at the casino giant. Sources have indicated that AlphV collaborated with another group named Scattered Spider to infiltrate MGM’s systems and steal data for extortion purposes. Private customer data from those who utilized MGM services before March 2019 was compromised, including contact information, gender, date of birth, and driver’s license numbers, Reuters news report said.
MGM stated, “We also believe a more limited number of Social Security numbers and passport numbers were obtained,” while reassuring that there is no evidence of criminal use of this data for identity theft or account fraud.
Cybercriminals often hold stolen data for ransom or sell it to other nefarious entities. The FBI is actively investigating the MGM data breach, underscoring the severity and implications of such cybercrimes for large organizations. Analysts monitoring Scattered Spider note an alarming increase in successful social engineering schemes by this group targeting organizations.
MGM clarified that customer bank account numbers or payment card information were not compromised, and data from its luxury resort hotel, The Cosmopolitan of Las Vegas, remained unaffected.
“The full scope of the costs and related impacts of this issue has not been determined,” MGM stated in a news statement. The breach is anticipated to negatively impact the adjusted property core profit for MGM’s Las Vegas Strip division, with an approximate loss of $100 million. However, the company expects no significant impact on its full-year results from this incident.
Despite the cyberattack, MGM remains optimistic about a robust fourth quarter, with expectations of record results in November driven by a Formula One racing event scheduled in Las Vegas. The company emphasized its ongoing efforts to restore and fortify its cybersecurity measures to prevent future cyber threats.
MGM Resorts International has set up a call center at 800-621-9437 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Please reference engagement number B105892 when calling. The company also has set up a webpage at www.mgmresorts.com/importantinformation with additional information.