Last month, MGM Resorts, a prominent casino conglomerate headquartered in Las Vegas, disclosed a significant data breach, deeming it a cyberattack, according to a regulatory filing released on Thursday. The breach, initiated on September 10th, prompted the shutdown of select computer systems within MGM resorts across the United States. Exhibiting the classic characteristics of an extortion-based ransomware assault, this incident could potentially mark the most expensive ransomware attack on record.
This episode aligns with a recent surge in similar cyberattacks. In 2019, Norwegian aluminum manufacturer Norsk Hydro reported losses of $70 million after declining to comply with a ransom demand. Caesars, in another high-profile case, was widely rumored to have paid $15 million out of a requested $30 million ransom to a group known as Scattered Spider, purportedly for safeguarding their data.
According to an insider cited by The Wall Street Journal in a Thursday report, MGM opted not to meet the hackers’ ransom request made in September. In a parallel development, Clorox recently disclosed that it fell victim to a similar attack, resulting in product shortages and order processing delays. Consequently, the company anticipates a 23-28% dip in net sales for the current quarter.
MGM affirmed that the breach was contained, reassuring customers that no banking details or payment card information were compromised. However, personal data, encompassing names, contact information, driver’s license numbers, Social Security numbers, and passport details of individuals who availed MGM services pre-March 2019, were pilfered. The company stressed that there is “no evidence” of this information being used for account fraud or identity theft. In an effort to assuage affected parties, MGM committed to notifying them via email and offering complimentary identity protection and credit monitoring services.
The repercussions of this incident have already, and are projected to continue, casting a pall on MGM’s third-quarter financial performance for its Las Vegas Strip establishments and regional operations. MGM disclosed an estimated expense of less than $10 million to cover one-time costs, including legal fees and technology consultations.
CEO Bill Hornbuckle expressed remorse over the situation, stating, “[W]e regret this outcome and sincerely apologize to those impacted. We also believe that this attack is contained.”
In sum, last month’s data breach caused by a cyberattack has inflicted, and is expected to continue inflicting, a substantial financial blow to MGM Resorts. The company has taken affirmative measures to safeguard its clientele. This episode serves as a poignant reminder for businesses across industries to fortify their systems against the escalating threat of cybercrime.
Source: AP News
