The cybersecurity attack at MGM Resorts last month is expected to cost the casino giant more than USD 100 million, the Las Vegas-based company said in a Thursday regulatory filing.
The attack, which was detected on September 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.
MGM said reservations and casino floors in Las Vegas and other states were affected — as customers shared stories on social media about not being able to make credit card transactions, obtain money from cash machines or enter hotel rooms. The company announced the end to its 10-day computer shutdown on September 20.
“While we experienced disruptions at some of our properties, operations at our affected properties have returned to normal, and the vast majority of our systems have been restored,” MGM CEO Bill Hornbuckle said in a Thursday letter to customers. “We also believe that this attack is contained.”
Hornbuckle added that no customer bank account numbers or payment card information was compromised in the incident. But hackers stole other personal information — including names, contact information, driver's license numbers, Social Security numbers and passport numbers belonging to some customers, who did business with MGM prior to March of 2019, he said.
MGM has “no evidence” that the criminal actors have used this data to commit account fraud or identity theft, Hornbuckel said, noting that the company will also reach out to impacted consumers via email and offer free identity protection and credit monitoring services. “We regret this outcome and sincerely apologize to those impacted," he added.
The cybersecurity attack at MGM Resorts last month is expected to cost the casino giant more than USD 100 million, the Las Vegas-based company said in a Thursday regulatory filing.
The attack, which was detected on September 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.
MGM said reservations and casino floors in Las Vegas and other states were affected — as customers shared stories on social media about not being able to make credit card transactions, obtain money from cash machines or enter hotel rooms. The company announced the end to its 10-day computer shutdown on September 20.
“While we experienced disruptions at some of our properties, operations at our affected properties have returned to normal, and the vast majority of our systems have been restored,” MGM CEO Bill Hornbuckle said in a Thursday letter to customers. “We also believe that this attack is contained.”
Hornbuckle added that no customer bank account numbers or payment card information was compromised in the incident. But hackers stole other personal information — including names, contact information, driver's license numbers, Social Security numbers and passport numbers belonging to some customers, who did business with MGM prior to March of 2019, he said.
MGM has “no evidence” that the criminal actors have used this data to commit account fraud or identity theft, Hornbuckel said, noting that the company will also reach out to impacted consumers via email and offer free identity protection and credit monitoring services. “We regret this outcome and sincerely apologize to those impacted," he added.
