Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

MGM Resorts Says Ransomware Hack Cost $110 Million

MGM Resorts said costs from a disruptive ransomware hack has exceeded $110 million, including $10 million in one-time consulting cleanup fees.

MGM Resorts ransomware

Hospitality and entertainment giant MGM Resorts said costs from last month’s debilitating ransomware infection have exceeded $110 million, including $10 million in one-time consulting clean-up fees.

In an SEC 8-K filing, MGM Resorts said the data-extortion attack caused operational disruptions, especially in its Las Vegas properties, and an estimated financial toll that includes about $100 million in lost revenue.

MGM Resorts, which manages prominent hotels like Mandalay Bay (site of the Black Hat security conference), Bellagio, MGM Grand, Aria, Luxor and the Cosmopolitan, said it also shelled out $10 million for technology consulting services, legal fees and expenses of other third party advisors. 

The company confirmed “disruptions” at some of its properties but said the breach did not cause the loss of any customer bank account numbers or payment card details.

However, MGM Resorts said the hackers stole personal information (including name, contact information (phone number, email address and postal address), gender, date of birth and driver’s license numbers).

“For a limited number of customers, Social Security numbers and passport numbers were also obtained by the criminal actors,” the company added.

“The types of impacted information varied by individual. At this time, [we] do not believe that customer passwords, bank account numbers or payment card information were obtained by the criminal actors. In addition, the Company does not believe that the criminal actors accessed The Cosmopolitan of Las Vegas systems or data,” MGM Resorts added.

A known ransomware gang called Scattered Spider has taken credit for the September hack that impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys. 

Advertisement. Scroll to continue reading.

Scattered Spider, according to published reports, also hacked casino giant Caesars Entertainment and collected millions in data extortion ransom payments.

Related: MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems

Related: Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack

Related: MGM Hackers Broadening Targets, Monetization Strategies

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.