Skip to main content

MGM Resorts Unveils Expectations for $100-Million Costs Linked to the Data Breach in September

MGM Resorts International revealed on October 5th that a cyberattack that disrupted its operations in September would cost it $100 million in its third-quarter results, as the company is trying to restore its systems to normal.

As CasinoGamesPro reported, one of the largest gambling operators on a global scale, MGM Resorts, was forced to shut its systems down after detecting the aforementioned attack to reduce damage. The company further shared expectations to incur less than $10 million as a one-time cost associated with the attack in the three-month period that ended on September 30th.

The operator confirmed that, as a result of the malicious attack, the private data of customers who used the company’s services before March 2019, such as date of birth, gender, diver’s license numbers, and contact information, was breached. A more limited number of passport and Social Security numbers had also been obtained by the attackers. MGM Resorts, however, noted there was no evidence that the attackers used the data obtained during the breach to commit crimes such as identity theft or account fraud.

The casino and hospitality company explained that the hackers did not obtain any customer payment card information or bank account numbers, and that they did not manage to get any data from its luxury Las Vegas resort hotel The Cosmopolitan.

Recent Cyberattack Should Not Have Any Long-Term Impact on MGM Resorts’ Full-Year Performance

At the time when the attack took place, customers posted images on social media showing inoperable slot machines and queues at the brand’s Las Vegas hotels. So far, MGM Resorts has not revealed whether the attackers had asked for any ransom.

In a regulatory filing published earlier, the company said that it was still not fully aware of the exact scope of the costs and related impacts of the issue.

For the time being, it remains unclear what the hackers did with the data they stole from MGM Resorts. As previously reported, such attackers often ask their victims for ransom in return for the stolen data or sell it to other cybercriminals on the dark web or release it in public forums.

The MGM Resorts data breach, which is currently being investigated by the Federal Bureau of Investigations (FBI), provides a vivid example of how large organizations are still vulnerable to cybercrime.

The full financial impact of the breach remains unclear. As mentioned above, the casino company shared expectations that the cyberattack will have a negative impact estimated at approximately $100 million to its adjusted property core profit for the Las Vegas Strip unit. MGM Resorts also unveiled expectations of total occupancy of 93% in October 2023, in comparison to 94% in October 2022.

Furthermore, it announced that its guest-facing systems had been brought back to normal and added that, according to preliminary expectations, the breach would not have any impact on its full-year results. MGM Resorts said it was well-positioned to have a strong fourth quarter and report a record-high in November, with the results set to be driven mostly by a racing event from the Formula One competition that is set to take place in Las Vegas.



 Author: Hannah Wallace

Hannah Wallace has been part of our team since the website was launched. She has a master’s degree in IT.
»