In a US Securities and Exchange Commission 8-K disclosure filing on 05 October 2023, MGM Resorts reported losing around $100 million after the 11 September 2023 breach incident.
In an open letter published recently, MGM CEO Bill Hornbuckle said that "the vast majority of our systems have been restored," adding, "We also believe that this attack is contained. As part of our remediation efforts, we have rebuilt, restored, and further strengthened portions of our IT environment.[1] We will offer free identity protection and credit monitoring services to individuals who receive an email from us indicating that their information was impacted."
The breach resulting in some of the following:
- MGM responded swiftly and shut down its systems to mitigate risk to customer information.
- $100M impact to EBITDAR (non-GAAP metrics are getting interesting)
- $10M in one-time fees, including technology consulting (too late?), legal, and advisory fees
Customers’ data compromised, including name, contact information, gender, date of birth and driver's license number. For a limited number of customers, Social Security numbers and passport numbers were also obtained by the criminal actors. MGM does not believe that customer passwords, bank account numbers, or payment card information were obtained by the criminal actors. MGM currently believes that its cybersecurity insurance will be sufficient to cover the financial impact on its business because of the operational disruptions, the one-time expenses, and future expenses. The full scope of the costs and related impacts of this issue has not been determined.
Here are some additional details about the breach:
- The breach affected systems at MGM properties in Las Vegas, Mississippi, and Maryland.
- The company said that it was not aware of any unauthorized access to guest financial information.
- MGM is offering free credit monitoring and identity protection services to affected guests.
- The FBI is investigating the breach.
The Caesar's Palace cybersecurity breach could have several negative ramifications for the company, including:
- Financial losses: Caesar's Palace may be liable for damages to customers whose data was stolen in the breach. The company may also have to spend money on additional cybersecurity measures to prevent future breaches.
- Reputational damage: The Caesar's Palace cybersecurity breach could damage the company's reputation and make it more difficult to attract and retain customers.
- Regulatory scrutiny: The Caesar's Palace cybersecurity breach is likely to attract the attention of regulators, who could investigate the company's cybersecurity practices and impose fines or other penalties.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://www.secureworld.io/industry-news/breach-mgm-resorts-hotel-access
Comments