2 min Security

Hack at MGM casinos leads to theft of personal data and huge costs

Hack at MGM casinos leads to theft of personal data and huge costs

The recent hacking attack on MGM casinos has caused a serious data breach at the hotel chain and casino provider. The attack cost nearly 95 million euros ($100 million) in the third quarter of this year.

The recent hacking attack in which virtually all systems were down resulted in a serious data leak of personal data at the MGM casino and hotel group. The concern announces this in an update.

The hackers allegedly stole personal data from all visitors through March 2019. This includes names, contact details like phone numbers, email addresses and postal addresses, gender, date of birth and driver’s license number. Some customers’ Social Security numbers and/or passport numbers were also stolen. Customer passwords, bank details and credit card information were not reportedly stolen due to the hack.

MGM Resorts has since notified affected customers and acted to prevent recurrence and further theft.

Decline in quarterly profits

The attack further led to a decline in profits for the casino and hotel group in the third quarter of this year. This indicates the concern in a filing to the stock market regulator SEC. In total, the concern reportedly lost about $100 million in profits in the third quarter of this year.

In addition, MGM Casinos and Resorts spent about $10 million on security consulting and legal matters. Most of these costs may be covered through cybersecurity insurance, but the full impact is not yet known.

ALPHV responsible

The attack was carried out by the ransomware gang ALPHV. It happened through a sophisticated phishing attack on IT employees which made it possible to attack and exploit a known vulnerability in the casino and hotel chain’s Okta system.

Also read: Last week in ransomware: Caesars and KNVB pay, MGM struggles on