MGM Resorts reveals costs of more than $100 million after ransomware attack


MGM Resorts International revealed that costs resulting from a ransomware attack in September exceeded $100 million, including $10 million in one-time consulting cleanup costs.

In an SEC 8-K filing released last Thursday, the company cited operational disruptions, particularly at its Las Vegas properties, as the primary reason for the significant financial loss.

The quick response to the data extortion attack was to take systems offline to contain the threat, preventing bad actors from accessing customers’ bank account numbers or payment card information. The company believes this rapid response was essential to avoid a potentially more catastrophic breach.

“Even though the $100 million in losses is costly on the surface, MGM’s decision not to pay the ransom followed the course of action recommended by cybersecurity experts, government and law enforcement,” a statement said. commented Anne Cutler, cybersecurity evangelist at Security guard.

“Paying a ransom to cybercriminals does not guarantee the full return of an organization’s systems and data, and only furthers the ransomware ecosystem. »

The financial impact is expected to primarily affect the third quarter of 2023, particularly on MGM Resorts’ operations in Las Vegas, with minimal impacts during the fourth quarter. Although cybersecurity insurance is expected to cover a substantial portion of the financial impact, the full extent of costs and impacts associated with this incident is still undetermined.

“It’s important to consider this in the context of their income. MGM is a huge, very profitable organization. With revenues of $14 billion, it’s easy to understand why they flagged this as not significant,” said Andrew Barratt, vice president of Coal fire.

“However, that doesn’t mean they’re too big to hack. Rather the opposite. This shows that large organizations are likely a very profitable target for OCGs with cyber capabilities.

In fact, MGM Resorts has identified that personal information, including names, contact information, gender, date of birth and driver’s license numbers, was accessed by malicious actors of specific customers who transacted with the company before March 2019. Social Security and Passport figures were also obtained for a limited number of customers.

However, according to the SEC deposit, customer passwords, bank account numbers and payment card information would be safe from the breach. The company has established a dedicated helpline and web page to respond to customer inquiries and offer identity protection and credit monitoring services.

Read more about the incident: MGM Resorts hit by cyberattack, systems down

Despite the incident, MGM Resorts said it continues to invest in improving its cybersecurity measures with the support of leading experts to minimize future risks and protect guest data.

Editorial image credit: Petr Podrouzek /

Leave a comment