More details have emerged about the recent ransomware attack that hit MGM Resorts’ US operations, with the casino operator disclosing that the attack resulted in a $100 million loss for the company. Customers’ personal information was also compromised during the attack which was reported on September 11, affecting MGM’s primary website, in-casino services, and online reservation systems.
Cyber-attack Led to $100M Loss for MGM
In a recent filing with the Securities and Exchange Commission (SEC), MGM revealed that it suffered losses in earnings of $100 million due to the attack. On top of that, the company also recorded less than $10 million in one-time expenses for risk remediation and incident response measures which it says will be covered in full by its cybersecurity insurance.
The financial impact of the cyber-attack, which was later found to be perpetrated by a ransomware gang called “Scattered Spider”, will be mostly confined to MGM’s Q3 2023 results, the company stated.
Customers’ Personal Information Compromised
MGM notified affected customers, including those who transacted with the firm before March 2019, that the hackers managed to steal their personal information, including their full name, phone number, e-mail address, passport number, driver’s license, and Social Security Number (SSN).
MGM assured its patrons that their passwords, payment card information, and bank account numbers were spared from the cyber-attack.