WhatsNew2Day – Latest News And Breaking Headlines
Gaming giant MGM Resorts has admitted that the cyberattack that crippled its casinos in Las Vegas and beyond last month likely cost it around $100 million in lost profits.
The company made the announcement in a regulatory filing Thursday evening, nearly a month after hackers caused massive disruptions that froze online booking systems, took gaming machines offline and even disabled digital locks on hotel room doors.
MGM said it also expects to incur $10 million in one-time costs related to the attack, consisting of fees for legal and technical consultants who helped respond to the breach.
However, MGM refused to pay the ransom demanded by hackers to end the cyberattack and return operations to normal, a person familiar with the matter told the Wall Street Journal.
That’s in contrast to Caesars Entertainment, which suffered no public disruptions after reportedly paying hackers about $15 million last month in a breach believed to have been carried out by the same Russia-linked ransomware gang that hit MGM.
An error message appears on a machine at the MGM Grand in Las Vegas on September 12 after a cybersecurity attack hit the gaming giant, impacting reservations and casino floors
MGM CEO Bill Hornbuckle also issued a statement Thursday confirming that some customers’ personal information had been compromised before March 2019
It would mean that MGM’s refusal to pay the ransom would ultimately cost the company more than seven times more than the hit Caesars took in paying the alleged payout.
The FBI strongly advises against paying ransoms to hackers and warns that giving in to the demands will only encourage further attacks. Yet many companies quietly comply with ransom demands to avoid business disruptions and negative headlines.
MGM has previously declined to comment on whether a ransom was demanded or paid. A spokesperson did not immediately respond to a request for comment from DailyMail.com on Thursday evening.
MGM CEO Bill Hornbuckle also issued a statement Thursday confirming that the hackers did not obtain any customer banking information, but that some customers’ personal information was compromised.
“We understand that the criminal actors obtained certain personal information from some customers who transacted with us prior to March 2019,” Hornbuckle said.
‘This includes name, contact details, gender, date of birth and driving license number. The types of information affected varied by individual,” he added.
‘We also believe that a more limited number of social security numbers and passport numbers were obtained. We have no evidence that the criminal actors used this data to commit identity theft or account fraud.”
Hotel guests wait in line at check-in at the Luxor hotel and casino in Las Vegas on September 14 after MGM Resorts International suffered a cybersecurity attack
An error message appears on a kiosk at Aria Resort and Casino on September 11 after MGM Resorts International suffers a cybersecurity attack
A sign warns guests of slot machine issues after a hack targeting MGM Resorts International at the Luxor hotel-casino on September 13
Guests wait to check in at the Bellagio on September 15 in Las Vegas. The breach disrupted reservation systems and caused annoyance and delays for guests
The hackers who targeted MGM are believed to be ransomware hackers, primarily motivated by extracting ransom payments from the victim company.
However, such groups may also attempt to make a profit by selling stolen personal information, or punish the corporate victim by publishing the data in public forums.
A Russia-linked ransomware gang called AlphV, better known as BlackCat, previously claimed to be involved in the MGM breach.
Cybersecurity experts believe that AlphV worked with an affiliated hacker group called Scattered Spider, made up primarily of young adults and teenagers in the UK and US, to perpetuate both the Caesars and MGM breaches.
Analysts who follow Scattered Spider say more and more organizations are falling for the group’s skilled social engineering schemes, which often involve making calls to IT support desks posing as a company employee.
After last month’s attack, videos posted from MGM properties on the Las Vegas Strip, including ARIA and Bellagio, showed painfully long check-in lines and some slot machines taken offline.
Functioning slot machines were cash only and set to hand pay, which meant winnings had to be doled out by human staffers, and MGM handed out dining credits and free alcohol to appease irate guests.
“The full extent of the costs and related impacts of this matter have not yet been determined,” MGM said in a filing with the regulator.
The flagship MGM Grand is seen on the Las Vegas strip in a file photo. MGM Resorts has admitted that the cyberattack that crippled its casinos likely cost it $100 million in lost profits
The company expects the breach to have a negative impact of approximately $100 million on adjusted real estate earnings for its Las Vegas Strip division, and expects an overall occupancy rate of 93 percent in October, compared to 94 percent in the same month a year ago.
“Virtually all of the company’s guest-facing systems have been restored,” the company said, adding that it expects no impact on full-year results from the breach.
MGM said it is “well positioned” to have a strong fourth quarter with record results in November, mainly thanks to a Formula 1 racing event set to take place in Las Vegas.
The company noted that no data from its luxury resort hotel The Cosmopolitan of Las Vegas had been breached.
The FBI previously told DailyMail.com that it is investigating the incidents at both Caesars and MGM, adding: “As this is an ongoing investigation, we cannot provide additional details.”
MGM Resorts Discloses $100 Million Loss in Profits Due to Cyberattack, Rejects Hackers’ Ransom Offer