MGM discloses $100M hit from cyberattack
By 
Jeff Dale2023-10-06T17:38:00
MGM Resorts International said it expects to take a $100 million hit as part of the fallout of a cyberattack that has most significantly impacted its Las Vegas operations.
MGM first acknowledged detection of the issue in a press release last month. On Thursday, the company disclosed in a regulatory filing it “shut down its systems to mitigate risk to customer information, which resulted in disruptions at some of the company’s properties but allowed the company to prevent the criminal actors from accessing any customer bank account numbers or payment card information.”
MGM said some personal information was breached for business conducted prior to March 2019, including names, phone numbers, email and postal addresses, genders, dates of birth, and driver’s license numbers. For a limited number of customers, Social Security numbers and passport numbers were also obtained.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumExpert: Clorox ‘trying to do the right thing’ with rapid cyberattack disclosures
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
-
PremiumPaying ransom to avoid GDPR fine an unwise gambit
Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.
-
PremiumPreparing for SEC cybersecurity rules an opportunity for collaboration
Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.