MGM Resorts International has filed a report with the United States Securities and Exchange Commission (SEC) in which it stated that the potential loss to the company as a result of the recent cyberattack could reach $100 million (€94.8 million).
On September 11th, the company announced via social media that it had been the subject of a cyberattack that resulted in some of its systems being shut down as a precautionary measure. Just a few days later, it emerged that Caesars had also been the subject of a cyberattack and had paid a significant ransom.
When the filing was made, MGM CEO Bill Hornbuckle issued a statement to customers assuring them that hackers did not obtain any customer financial data. However, he did state that they may have accessed social security and passport numbers but that MGM had no evidence that this information had been used for identity theft.
In its filing MGM said:
“The company believes that the operational disruption experienced at its affected properties during the month of September will have a negative impact on its third-quarter 2023 results, predominantly in its Las Vegas operations, and a minimal impact during the fourth quarter. The company does not expect that it will have a material effect on its financial condition and results of operations for the year.
Specifically, the company estimates a negative impact from the cyber security issue in September of approximately $100 million to adjusted property EBITDAR for the Las Vegas Strip resorts and regional operations, collectively.”
It went on to add:
“Although the company currently believes that its cybersecurity insurance will be sufficient to cover the financial impact to its business as a result of the operational disruptions, the one-time expenses described above, and future expenses, the full scope of the costs and related impacts of this issue has not been determined.”
Hornbuckle's statement also covered the company's remediation efforts:
“As part of our remediation efforts, we have rebuilt, restored, and further strengthened portions of our IT environment,” Hornbuckle said. “We will offer free identity-protection and credit-monitoring services to individuals who receive an email from us indicating that their information was impacted.”
In related news, The Wall Street Journal has reported that MGM had refused to pay a ransom during the cyberattack ahead of the system shutdown.
MGM and Caesars Face Lawsuits Over Cyberattacks
Following the cyberattacks on the two hotel and casino operators, at least five lawsuits have been filed in US courts. The lawsuits allege that the companies failed to provide sufficient protection for customers’ personal and financial information.
The lawsuits also allege that both MGM and Caesars failed to give clear information to customers regarding whether or not their data was compromised during the attacks. The customers have stated that they have not received any assurances over the companies’ security measures and now fear that their information could be vulnerable to future attacks.
The Nevada Gaming Control Board has stated that it is unlikely that updates on the cyberattacks will be made available to the public.