💰🗃️

MGM Resorts International, Caesars Entertainment Security Incident

late 2023 731 days ago Resolved

Incident Overview

Situation Description

MGM Resorts and Caesars Entertainment suffered significant cyberattacks in late 2023, highlighting the importance of cyber insurance and robust cybersecurity measures.

Event Types

Ransomware Data Breach

Industry Sector

Hospitality

Geographic Scope

nan

Response Actions

Refused to Pay Ransom / Extortion Paid a Ransom Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Ransomware Data Breach

Financial Impact

$110,000,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Credentials

Primary Impacts

Operational Disruption Financial Loss Data Exposure

Key Decisions Made

MGM refused to pay a ransom demand of an unspecified amount to the hacker group ALPHV following a ransomware attack.; Caesars Entertainment paid a $15 million ransom to the hacker group Scattered Spider to prevent the leak of customer data after a data breach.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

ALPHV Scattered Spider

Additional Information

Cyber Liability Insurance Insights: Lessons From Recent HeadlinesHow MGM and Caesars Attacks Highlight the Power of Cyber Insurance Marc Galindo 4 min July 26, 2024 This article was originally published on Live Insurance News . In late 2023, two of the most iconic names in the hospitality industryMGM Resorts and Caesars Entertainmentfell victim to significant cyberattacks. These breaches underscore the growing threat of cybercrime and highlight a dramatic shift in the digital battleground. Beyond a simple wake-up call for cybersecurity measures, these incidents showcase the pivotal role of cyber insurance in mitigating financial and operational damages and providing a lifeline during the chaos of a cyber crisis. The Attacks: What Happened? MGM Resorts International Russian hacker group, ALPHV, infiltrated MGM's systems with a crippling ransomware attack, causing widespread disruptions. Guests experienced check-in delays and were locked in or out of their hotel rooms. Gaming machines went offline and stopped all transactions, causing substantial revenue losses and operational disarray. The threat actor group demanded a ransom for the decryption of the compromised data, which MGM refused to pay, resulting in a loss of over $110 million $100 million in lost revenue and approximately $10 million in one-time expenses such as consulting services and legal fees. Caesars Entertainment Around the same time, Caesars reported a data breach that exposed many of its loyalty program members' sensitive information. ALPHV former affiliate, Scattered Spider, accessed a vast trove of personal data, including Social Security numbers and driver's license details. Unlike MGM, Caesars opted to pay $15 million in ransom to prevent the data from being leaked. The goal of this decision was to prevent the potentially devastating exposure of their customers' private information. Contrasting Ceasars' response illustrates the varying strategies that companies may adopt when under cyber...

... (truncated for display)

Quick Facts

Company:: MGM Resorts International, Caesars Entertainment
Date:: late 2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 26/07/2024

Source Information

Original Query

MGM Resorts class action lawsuit settlement details "Scattered Spider"

View Original Source

Timeline

Information Published

26/07/2024

Incident Occurred

late 2023 (731 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats