MGM Resorts International, one of the largest hotel and casino operators in the world, recently fell victim to a cyberattack that forced the company to shut down systems at several of its properties. The attack, which occurred last month, led to significant disruptions for guests, including delays in check-ins and reservations. The incident even affected prominent individuals such as FTC chair Lina Kahn, who was in Las Vegas attending important meetings.
According to The Wall Street Journal, MGM Resorts International refused to pay the ransom demanded by the attackers. Instead, the company chose to take a stand against ransomware and the criminals behind it. While this decision may have resulted in temporary inconvenience and operational challenges, it sends a strong message that organizations should not succumb to the demands of cybercriminals.
MGM stated that the hackers were able to obtain sensitive customer data, including names, contact information, date of birth, and driver’s license numbers. In some cases, a limited number of customers’ social security numbers, passport numbers, or both were also compromised. Although the company did not disclose the exact number of individuals affected, according to its filing with the US Securities and Exchange Commission, the breach primarily impacted customers who transacted with MGM Resorts International prior to March 2019.
On a positive note, MGM reassured its customers that passwords, bank account numbers, and card details were not believed to have been stolen. The company is taking immediate action to notify affected customers through email and is offering free credit monitoring and identity theft protection services to minimize the potential consequences of the breach.
MGM Resorts International has made significant progress in recovering from the attack. The company stated that its domestic operations are back to normal, and most of its guest-facing systems have been restored. It expects the remaining systems to be fully operational in the coming days. However, the financial impact of the cyberattack is substantial, with MGM estimating losses of approximately $100 million. The company has already spent under $10 million on various services and consulting related to the attack.
If you suspect that you might be one of the individuals affected by this breach, MGM has provided resources to assist you. The company has established a dedicated call center that operates Monday through Friday from 8 am to 10 pm Central time, as well as on Saturdays and Sundays from 10 am to 7 pm Central time. You can reach the call center at 800-621-9437, and please reference engagement number B105892 when calling. Additionally, MGM has created a webpage, accessible at www.mgmresorts.com/importantinformation, where you can find more details and updates on the situation.
MGM Resorts International’s handling of this cyberattack sets an important precedent in the fight against ransomware. By refusing to pay the hackers and taking immediate actions to protect its customers, MGM demonstrates its commitment to cybersecurity and data protection. This incident serves as a reminder for all organizations and individuals to remain vigilant in their efforts to safeguard sensitive information and mitigate the risks posed by cyber threats.