Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ransomware attack on MGM Resorts costs $110 Million

Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack costs exceeded $110 million. In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos. The incident affected hotel reservation systems in the United States and […]

MGM Resorts

Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack costs exceeded $110 million.

In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos.

The incident affected hotel reservation systems in the United States and other IT systems that run the casino floors.

The company now revealed that the costs from the ransomware attack have exceeded $110 million. The company paid third-party experts $10 million to clean up its systems.

A few days later, an affiliate of the BlackCat/ALPHV ransomware group known as Scattered Spider claimed responsibility for the attack.

“The Company believes that the operational disruption experienced at its affected properties during the month of September will have a negative impact on its third quarter 2023 results, predominantly in its Las Vegas operations, and a minimal impact during the fourth quarter. The Company does not expect that it will have a material effect on its financial condition and results of operations for the year. Specifically, the Company estimates a negative impact from the cyber security issue in September of approximately $100 million to Adjusted Property EBITDAR for the Las Vegas Strip Resorts and Regional Operations, collectively.” reads the 8-K report filed with SEC. “The Company has also incurred less than $10 million in one-time expenses in the third quarter related to the cybersecurity issue, which consisted of technology consulting services, legal fees and expenses of other third party advisors.”

The Company states that its cybersecurity insurance will cover the financial losses and future expenses, however, the full scope of the costs and related impacts has yet to be determined.

According to the ongoing investigation, threat actors had access to the data of some of the Company’s customers who transacted with the Company prior to March 2019. Personal information exposed includes name, contact information (such as phone number, email address and postal address), gender, date of birth and driver’s license numbers). For a limited number of customers, Social Security numbers and passport numbers were exposed. The types of impacted information varied by individual.

The attack caused disruptions at some of the company’s properties, however, the incident did not expose any customer bank account numbers or payment card details.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, MGM Resorts)