In early September 2023, MGM Resorts International, a major casino and hospitality company, was the victim of a cyberattack. The attack was carried out by the Scattered Spider hacking group, which claimed to have stolen 6 terabytes of data from MGM’s systems.
The data that was stolen included names, addresses, phone numbers, email addresses, dates of birth, and Social Security numbers of MGM customers and employees. The hackers also claimed to have stolen credit card information, but MGM has not confirmed this.
MGM Resorts said that it discovered the cyberattack on September 6, 2023, and immediately took steps to contain it. The company shut down a number of its services and notified law enforcement and cybersecurity experts.
MGM Resorts also notified its customers of the data breach and offered them free credit monitoring and identity theft protection services.
On October 5, 2023, MGM Resorts filed a regulatory filing with the Securities and Exchange Commission (SEC) in which it said that the cyberattack is expected to cost the company more than $100 million. The company said that the costs will include the cost of investigating the breach, notifying customers, and providing them with credit monitoring and identity theft protection services.
The cyberattack on MGM Resorts is a reminder of the risks that all businesses face from cyber threats. Companies need to take steps to protect their data and systems from attack, and they need to have a plan in place in case they are the victim of a data breach.