Sign Up For Card Player's Newsletter And Free Bi-Monthly Online Magazine

MGM Resorts Details Financial Losses, Data Breached From Cyber Attack

Events Cost Company $100 Million-Plus For Third Quarter

Print-icon
 

The numbers are starting to roll in from the fallout of the MGM Resorts cyber attack, and they’re not looking good.

MGM Resorts continues dealing with the repercussions from the September computer hacks at the company’s nationwide casino properties. That included estimating the ordeal would cost the company about $100 million, according to an Oct. 5 filing with the Securities and Exchange Commission.

The company also detailed some of what cyber attackers were able to garner from MGM systems during the breach. The hackers accessed some personal information, the company noted in a letter to customers, but not any credit card or other financial account information.

“I’m grateful to our employees for their resilience and dedication during this time,” MGM CEO Bill Hornbuckle noted. “On behalf of everyone at MGM Resorts, I wish to also thank our customers for their loyalty and patience as we worked through this complex matter. We regret this outcome and sincerely apologize to those impacted.”

Financial Losses

The cyber attack began on Sept. 12 and affected MGM for several days including shutting down hotel registration, company websites, email accounts, some slot operations, and more.

The SEC filing detailed that the company discovered the attack early and helped mitigate the hackers’ overall success. However, even weeks later MGM still faces some issues related to the attack.

“The company continues to focus on restoring the remaining impacted guest-facing systems and the
company anticipates that these systems will be restored in the coming days,” MGM reported in the filing.

Officials saw a significant drop in earnings for the third quarter to the tune of about $100 million. Hotel occupancy dropped to 88% compared to 93% in September 2022. The filing reports that MGM expects to bounce back to 93% in October.

The filing also details that MGM incurred about $10 million in one-time expenses for technology consulting services, legal fees, and the hiring of other advisors. Management believes some of those costs can be reclaimed through insurance policies. The company is also facing several lawsuits related to the cyber attacks as well.

Impact On Customers

MGM also outlined some of the data that was compromised. The letter to customers said that some customers’ names, contact information, gender, date of birth, and driver’s license numbers may have been stolen.

Hornbuckle said “a more limited number of” Social Security numbers and passport numbers were jeopardized. He said company officials have no evidence that any of the data has been used for identity theft or account fraud.

MGM is offering free identity protection and credit monitoring for anyone who feels they may have been affected. A dedicated call center (1-800-621-9437) and website have also been launched to assist customers.

MGM noted in the filing: “While no company can ever eliminate the risk of a cyber attack, the company has taken significant measures, working with industry-leading third-party experts, to further enhance its system safeguards. These efforts are ongoing.”