Use this search box to find articles that have run in our newspapers over the last several years.
Date: 10/11/2023
MGM Resorts International recently acknowledged that hackers gained access to customers’ personal information during a recent cyberattack.
In a regulatory filing with the U.S. Securities and Exchange Commission dated Oct. 5, MGM Resorts International said it identified a cybersecurity issue impacting some of the company’s U.S.-based computer systems on Sept. 12, prompting the company to shut them down. The shutdown caused significant disruptions in services at the company’s properties, including gaming machines, payment kiosks and hotel reservation systems.
The company claimed in the filing and MGM Resorts President and CEO Bill Hornbuckle reiterated in an Oct. 5 letter to customers that shutting down those systems prevented those responsible for the coordinated infiltration from accessing bank account or credit and debit card information. However, hackers were able to obtain other information, including customers’ names, contact information, genders, dates of birth and drivers license numbers of customers. Additionally, some of these customers’ social security and passport numbers were compromised. The incident specifically impacted customers who did business with MGM Resorts prior to March 2019. MGM Springfield recently celebrated the fifth anniversary of its August 2018 grand opening.
MGM Resorts claims its systems were again running normally and Hornbuckle said, “As part of our remediation efforts, we have rebuilt, restored, and further strengthened portions of our IT environment.”
As of press time, the number of impacted MGM Springfield visitors remains unclear. MGM Springfield Director of Public Affairs Beth Ward said the company did not have any additional information to share as of press time. Reminder Publishing also reached out to the Massachusetts Gaming Commission for additional information on the number of guests served by MGM Springfield prior to March 2019, but spokesperson Thomas Mills referred that request to MGM Springfield.
Per its own 2018 announcement, MGM Springield boasted more than 150,000 visitors on its opening weekend, Aug. 24-26, 2018. The casino later reported to the Massachusetts Gaming Commission that more than 1 million guests had visited the casino complex in its first six weeks. According to the Massachusetts Gaming Commissions’ four-month and one-year regional public safety assessments, the casino averaged an estimated 10,000 to 15,000 visitors daily. It was not specified how many of these were unique visits.
The company’s SEC filing and Hornbuckle’s letter claimed that MGM Resorts had no evidence that the obtained data had been used for identity theft of fraud. With that said, the company is offering free identity protection and credit monitoring services to individuals who receive an email stating their information was impacted. A call center and page on the company’s website, mgmresorts.com/importantinformation, have also been established to address the issue. The call center can be reached at 800-621-9431 and is open Monday through Friday, 8 a.m. to 10 p.m., central time, and Saturday and Sunday from 10 a.m. to 7 p.m., central time, with the exception of major U.S. Holidays.
MGM Resorts also reported to the SEC that the incident cost the company approximately $100 million and spent almost $10 million in one-time expenses dedicated to IT consulting services, legal expenses and third-party advisors. The company noted that the predicted negative impact on the company’s third quarter results would be predominantly reflected in its Las Vegas operations. More specifically, interuptions to customers’ ability to book resort accommodations through its website and mobile apps impacted the company’s occupancy in September, which ws 88%, a drop from 93% a year earlier. The company forecasted a rebound for October with 93% occupancy.
MGM Resorts was also the subject of a 2020 cyberattack in which similar archived information was stolen.