MGM Resorts was hit by a ransomware attack last month that shut down its systems at MGM Hotels and Casinos.
The incident affected hotel reservation systems in the United States and other IT systems that run the casino floors. MGM Resorts now revealed that the costs from the ransomware attack have exceeded $110 million and paid third-party experts $10 million to clean up its systems.
An affiliate of the BlackCat ransomware group known as Scattered Spider claimed responsibility for the attack.
The Company estimates a negative impact from the cyber security issue in September of approximately $100 million to adjusted property EBITDAR for the Las Vegas Strip Resorts and Regional Operations collectively. It also incurred less than $10 million in one-time expenses in the third quarter related to the cybersecurity issue, which consisted of technology consulting services, legal fees, and expenses of other third-party advisors
The Company states that its cybersecurity insurance will cover the financial losses and future expenses, however, the full scope of the costs and related impacts has yet to be determined.
The investigation showcases that the threat actors had access to the data of some of the Company’s customers who transacted with the company prior to March 2019. Personal information exposed includes name and contact information. For a limited number of customers, Social Security numbers and passport numbers were exposed. The types of impacted information varied by individual.
The attack caused disruptions at some of the company’s properties. However, the incident did not expose any customer bank account numbers or payment card details.