MGM Resorts estimates that the recent cyberattack will result in a $100m EBITDAR loss in the third quarter. [Image: Shutterstock.com]

Multimillion-dollar fallout

The cyberattack that disrupted MGM Resorts International’s operations last month was a costly one. The casino company has estimated in a regulatory filing that the attack will lead to a $100m adjusted EBITDAR loss during the third quarter of 2023. MGM believes it was a one-off issue and won’t have a significant effect on its final quarter or entire year results.

one-time expenses resulting from the attack were about $10m

The cybersecurity insurance that MGM holds should be sufficient to cover most of the financial damage despite the final payout not being determined as of yet. The one-time expenses resulting from the attack were about $10m, which includes legal fees, third-party expenses, and IT consulting services.

Hacker group ALPHV claimed responsibility for the ransomware attack on MGM.

Compromised data

On Friday 8 September, MGM was forced to quickly turn off computer systems when it became aware of the cyberattack in an attempt to limit the amount of information hackers could get their hands on. The company gave an update to its employees in an internal letter about the situation:

MGM believes that it has now contained the damage although it noted that data of certain customers who visited the company’s properties before March 2019 was accessed. This includes their email addresses, phone numbers, names, and driver’s license information. Certain peoples’ passport numbers and Social Security numbers were also exposed.

MGM is confident that no payment information or passwords were compromised, while the data and computer systems of The Cosmopolitan of Las Vegas weren’t seemingly touched at all. The company doesn’t believe that any customers have fallen foul of identity theft or fraud yet. It will be offering credit monitoring and identity theft protection services for anyone impacted and a helpline will be open to deal with all of these types of issues.

A widespread issue

During the cyberattack, MGM’s Las Vegas properties were directly impacted. Many slot machines did not work properly for a time, people had to manually check in to their rooms, and cash was preferred when paying for goods and services due to card processing issues.

Caesars Entertainment suffered a similar attack in the weeks before and paid $15m

The hackers demanded a ransom and it is unclear if MGM paid them any money. Caesars Entertainment suffered a similar attack in the weeks before and paid $15m to the infiltrators to avoid disruption. Both companies are now facing class-action lawsuits for not properly protecting the data of customers.

BetMGM customers have now reported that hackers have been draining their accounts of funds and accessing sensitive information. People believe this is a knock-on impact from the overall MGM hack. BetMGM is owned by MGM and Entain.