On Thursday, the hotel and casino giant MGM Resorts International revealed about a cyberattack that it witnessed last month that had caused great harm to its operations causing a $100 million decline to its third-quarter results, as it is still working on to reinstate its systems.
Being the world’s hugest gambling firms, MGM shut down its systems after sensing the attack to ascertain how much damage it had incurred, the company said. It also looks forward to a loss less than $10 million as a related only-time cost in the quarter that came to an end on September 30.
After the attack last month, customers expressed their aggression by social media images that showed slot machines with error messages and queues at hotels in Las Vegas.
AlphV, a hacking group accepted that it was involved in the conspiracy. Earlier. various sources notified a media group that AlphV allianced with a different outfit called Scattered Spider to breach into MGM systems and steal data for extortion purposes.
MGM has refused to comment on whether it was asked for or if it has been compelled to pay any sum in ransom.
Prior to March 2019, the confidential data of customers who used MGM services comprising contact information, gender, date of birth and driver’s license numbers, was stolen, according to a statement revealed by the company.
“We also believe a more limited number of Social Security numbers and passport numbers were obtained,” it said.
“We have no evidence that the criminal actors have used this data to commit identity theft or account fraud.”
Hackers often withhold breached data to seek ransom and they might also share it to public forums or sell it to many cybercriminals further.
The MGM data theft, which the FBI is currently probing into, is a prime example of how huge organizations still are the potential targets for cybercriminals. People investigating in the matter, who have fished out Scattered Spider confessed that many more organizations have been falling for the group’s skilled social engineering schemes.
MGM said the hackers could not get their hands on any customer bank account numbers or payment card information, and that no data from its luxury resort hotel The Cosmopolitan of Las Vegas was hacked.
In its regulatory filing, MGM said, “The full scope of the costs and related impacts of this issue has not been determined.”
The company expects the breach will have a negative impact of about $100 million to its adjusted property core profit for its Las Vegas Strip division, and expects total occupancy of 93% this October versus 94% in the same month a year ago.
“Virtually all of the Company’s guest-facing systems have been restored,” it said, adding that it expects no impact on its full-year results from the breach.
MGM said it is “well-positioned” to have a terrific fourth quarter with record results in November, driven mainly by a Formula One racing event slated to take place in Las Vegas.
According to The Wall Street Journal, MGM Resorts reportedly did not pay the attackers’ ransom demand, the amount of which is not yet known. When asked by TechCrunch, a representative for the Scattered Spider group did not comment. MGM’s rival Caesars Entertainment, which was also hit by a recent ransomware attack, is said to have paid about half of the $30 million demanded by the hackers to prevent the disclosure of stolen data. Media reports said the Scattered Spider group was also responsible for the Caesars cyberattack, but the group told TechCrunch at the time it had “no involvement” with the incident.
While MGM claims that the cyberattack has been “fully contained” and that operations at the company’s resorts have “returned to normal,” some of the MGM’s services were still not operational at the time of writing, according to customer complaints on social media, comprising MGM’s mobile app.
“The company continues to focus on restoring the remaining impacted guest-facing systems and the Company anticipates that these systems will be restored in the coming days,” MGM said.