MGM Resorts admits cyberattack cost $100M in lost profits

Gaming giant MGM Resorts has admitted the cyberattack that crippled its casinos in Las Vegas and beyond last month likely cost some $100 million in lost profits.

The company made the disclosure in a regulatory filing on Thursday evening, nearly a month after hackers caused massive disruptions that froze online booking systems, knocked slot machines offline, and even disabled digital locks on hotel room doors. MGM said it also expects to incur $10 million in one-time expenses related to the attack, consisting of fees to legal and tech advisors who helped respond to the breach.

However, MGM refused to pay the ransom demanded by hackers to end the cyber assault and restore operations to normal, a person familiar with the matter told the Wall Street Journal. That's in contrast to Caesars Entertainment, which suffered no public disruptions after reportedly paying about $15 million to hackers in a breach last month, believed to have been carried out by the same Russia-linked ransomware gang that struck MGM. That would mean MGM's refusal to pay the ransom ended up costing the company more than seven times as much as the hit Caesars took in making the alleged payoff.

The FBI strongly advises against paying ransoms to hackers, warning that bowing to the demands only encourages further attacks. Still, many companies quietly meet ransom demands to avoid business disruptions and negative headlines. MGM has previously declined to comment on whether it was asked for or paid any ransom. A spokesperson did not immediately respond to a request for comment from DailyMail.com on Thursday night. MGM CEO Bill Hornbuckle also issued a statement on Thursday confirming that the hackers did not obtain customer banking information, but that personal information from some customers was compromised.

'We do understand that the criminal actors obtained certain personal information belonging to some customers who transacted with us prior to March 2019,' said Hornbuckle. 'This includes name, contact information, gender, date of birth, and driver's license number. The types of impacted information varied by individual,' he added. 'We also believe a more limited number of Social Security numbers and passport numbers were obtained. We have no evidence that the criminal actors have used this data to commit identity theft or account fraud.' The hackers who targeted MGM are believed to be ransomware hackers, who are primarily motivated by extracting ransom payments from the victim company.

However, such groups may also attempt to turn a profit by selling stolen personal information, or punish the corporate victim by publishing the data in public forums. A Russia-linked ransomware gang named AlphV, also known as BlackCat, previously claimed it was involved in the MGM breach. Cybersecurity experts believe AlphV worked with an affiliated hacker group called Scattered Spider, which is primarily composed of young adults and teens in the UK and US, to perpetrate both the Caesars and MGM breaches.

Analysts who track Scattered Spider say more and more organizations have been falling for the group's skilled social engineering schemes, which often involve phone calls to IT support desks posing as a company employee. After the attack last month, videos posted from MGM properties on the Las Vegas Strip, including ARIA and Bellagio, showed painfully long check-in lines, and some slot machines that were knocked offline. Functioning slot machines were cash-only and set to handpay, meaning winnings had to be doled out by human staffers, and MGM handed out dining credits and free alcohol to appease irate guests. 'The full scope of the costs and related impacts of this issue has not been determined,' MGM said in a regulatory filing.

The company expects the breach will have a negative impact of about $100 million to its adjusted property core profit for its Las Vegas Strip division, and expects total occupancy of 93 percent in October versus 94 percent in the same month a year ago. 'Virtually all of the Company's guest-facing systems have been restored,' it said, adding that it expects no impact on its full-year results from the breach. MGM said it is 'well-positioned' to have a strong fourth quarter with record results in November, driven mainly by a Formula One racing event slated to take place in Las Vegas.

***
Read more at DailyMail.co.uk