MGM Resorts International, one of the leading global hospitality and entertainment companies, recently disclosed the costly aftermath of a ransomware attack that occurred in September. The financial toll resulting from the attack has surpassed a staggering $100 million, with $10 million dedicated to one-time consulting clean-up fees. This incident has once again highlighted the pervasive threat of ransomware attacks and their potentially devastating consequences.
Swift response to the attack
MGM Resorts swiftly responded to the data extortion attack by taking their systems offline. This proactive measure was taken to contain the threat and prevent the threat actors from accessing sensitive customer information such as bank account numbers or payment card details. By acting promptly, the company successfully shielded its customers from potential financial loss and identity theft.
Ransom payments and unreliability
It is important to note that paying a ransom to cybercriminals does not guarantee the restoration of an organization’s systems and data. On the contrary, it often perpetuates the ransomware ecosystem by providing a financial motivation for criminals to continue their malicious activities. Therefore, organizations are encouraged to focus on improving their cybersecurity defenses and preventive measures, rather than relying on the uncertain outcome of ransom payments.
Financial Impact on MGM Resorts
The financial impact resulting from the ransomware attack is expected to primarily affect the third quarter of 2023, with minimal repercussions in the fourth quarter. Specifically, MGM Resorts’ Las Vegas operations are anticipated to bear the brunt of the consequences. This emphasizes the vast scale and potential disruptions that large organizations like MGM Resorts may face when targeted by cybercriminals.
Potential coverage by cybersecurity insurance
While the financial burden is significant, MGM Resorts may find some relief through their cybersecurity insurance. It is expected that a substantial portion of the costs will be covered, but the total scope of the financial impact is still undetermined. This incident serves as a reminder of the value of cybersecurity insurance and the importance of comprehensive coverage in the face of evolving cyber threats.
Targeting large organizations
This ransomware attack on MGM Resorts underscores the attraction that large organizations hold for organized cyber gangs (OCGs) with sophisticated cyber capabilities. Their extensive infrastructure, vast customer databases, and potentially valuable intellectual property make these organizations enticing targets. The ability to infiltrate and disrupt such high-profile entities provides a significant opportunity for financial gain for these criminal groups.
Personal information accessed
As a result of the ransomware attack, MGM Resorts has identified that specific customers who had transacted with the company before March 2019 had their personal information accessed by the threat actors. The compromised information includes names, contact details, gender, date of birth, and driver’s license numbers. This revelation raises concerns about potential identity theft and targeted phishing attempts against affected customers.
Limited access to sensitive information
While the breach allowed access to personal information, it is crucial to note that customer passwords, bank account numbers, and payment card information are believed to be safe from the attack. This implies that the financial security of MGM Resorts’ customers remains intact, alleviating some of the immediate concerns regarding financial fraud or unauthorized transactions.
Investments in cybersecurity measures
In response to this breach, MGM Resorts has committed to enhancing its cybersecurity measures further. The company is actively collaborating with industry-leading experts to minimize future risks and safeguard customer data. This proactive approach demonstrates MGM Resorts’ prioritization of cybersecurity and their dedication to maintaining a secure environment for their customers.
The ransomware attack on MGM Resorts International has come at a significant cost, exceeding $100 million in financial expenses. While the full extent of the impact is still uncertain, the company is working diligently to mitigate the aftermath and protect affected customers. This incident serves as a stark reminder of the persistent threat posed by ransomware attacks and the critical need for robust cybersecurity measures in today’s digitally connected world. By investing in preventive measures and collaborating with experts, MGM Resorts aims to enhance its cybersecurity defenses and ensure the safety of customer data moving forward.