MGM Resorts estimates that the latest cyberattack will result in an EBITDAR loss of $100 million in the third quarter. [Image: Shutterstock.com]
Millions of dollars in repercussions
The cyberattack that crippled MGM Resorts International’s operations last month was costly. The casino company estimated in a regulatory filing that the attack would result in an adjusted EBITDAR loss of $100 million during the third quarter of 2023. MGM believes it was a one-time issue and will not have a significant impact on its fourth-quarter or full-year results.
One-time expenses resulting from the attack were approximately $10 million
The cybersecurity insurance held by MGM should be enough to cover most of the financial damages although a final payment has not yet been determined. Expenses resulting from the one-time attack were approximately $10 million, which includes legal fees, third-party expenses, and IT consulting services.
Hacker group ALPHV claimed responsibility for the ransomware attack on MGM.
Data breach
On Friday, September 8, MGM was forced to quickly shut down computer systems when it learned of the cyberattack in an effort to limit the amount of information the hackers could access. The company provided an update to its employees in an internal message about the situation:
MGM believes it has now contained the damage although it noted that the data of some customers who visited the company’s properties before March 2019 was accessed. This includes email addresses, phone numbers, names and their driver’s license information. Some people’s passport numbers and social security numbers were also revealed.
MGM is confident that no payment information or passwords were compromised, while data and computer systems at The Cosmopolitan of Las Vegas were never compromised. The company does not believe any customers have been victims of identity theft or fraud yet. It will offer credit monitoring and identity theft protection services to anyone affected and a helpline will be open to handle all of these types of issues.
Widespread issue
During the cyber attack, MGM properties in Las Vegas were directly affected. Many slot machines did not work properly for some time, people had to manually check into their rooms, and cash was preferred when paying for goods and services due to card processing issues.
Caesars Entertainment was subjected to a similar attack in previous weeks and paid $15 million
The hackers demanded a ransom and it is not clear whether MGM paid them any money. Caesars Entertainment had been subjected to a similar attack in previous weeks and paid $15 million to the hackers to avoid disruption. Both companies are now facing class action lawsuits for not properly protecting customer data.
BetMGM customers are now reporting that hackers have drained their account funds and accessed sensitive information. People believe this is an indirect effect from MGM’s overall penetration. BetMGM is owned by MGM and Entain.
