MGM Resorts, a prominent hospitality and entertainment company, has reported that the costs incurred as a result of a ransomware attack last month have exceeded $110 million.
This includes $10 million in one-time consulting fees for clean-up services. In a filing with the Securities and Exchange Commission (SEC), MGM Resorts stated that the attack caused significant disruptions to its operations, particularly in its Las Vegas properties, and resulted in an estimated financial loss of approximately $100 million in revenue.
MGM Resorts, which manages well-known hotels such as Mandalay Bay, Bellagio, MGM Grand, Aria, Luxor, and the Cosmopolitan, also disclosed that it spent $10 million on technology consulting services, legal fees, and expenses related to third-party advisors. The company acknowledged the disruptions experienced at some of its properties but assured that the breach did not lead to the loss of any customer bank account numbers or payment card details.
However, MGM Resorts did confirm that the hackers were able to access and steal personal information, including names, contact information (phone number, email address, and postal address), gender, date of birth, and driver’s license numbers. They also obtained Social Security numbers and passport numbers for a limited number of customers. The company clarified that the types of information compromised varied for each individual. It further stated that it does not believe that customer passwords, bank account numbers, or payment card information were obtained by the hackers. Additionally, MGM Resorts stated that it does not believe the criminals accessed the systems or data of The Cosmopolitan of Las Vegas.
