💣

MGM Resorts International Security Incident

12/09/2023 653 days ago Resolved

Incident Overview

Situation Description

MGM Resorts International experienced a cybersecurity issue affecting certain of its U.S. systems, leading to operational disruptions and the potential compromise of some customer personal information.

Event Types

Malware / Destructive Attack

Industry Sector

Hospitality

Geographic Scope

National (US)

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Engaged Third-Party Forensic Investigators Notified Affected Individuals & Entities Notified Law Enforcement Offered Post-Breach Remediation Services

Impact Analysis

Event Types (1 identified)

Malware / Destructive Attack

Financial Impact

$100,000,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Credentials

Primary Impacts

Operational Disruption Data Exposure Financial Loss

Key Decisions Made

Promptly after detecting the issue, MGM Resorts began an investigation with assistance from leading external cybersecurity experts.; MGM Resorts notified law enforcement and took steps to protect its systems and data, including shutting down certain systems.; MGM Resorts will provide notification by email to impacted individuals and offer free identity protection and credit monitoring services.

Technical Analysis

Attack Method

Unknown

Additional Information

Cybersecurity in the hospitality industry Hospitality, one of the most vulnerable industries People strongly believe that travel is an essential ingredient of long-lasting happiness. They want to open their lives to new paths of excitement and adventure, visit new places, experience new cultures, grow into better and happier individuals. Travel builds self-confidence, brings people closer, provides with new experiences and memories, breaks routine, and allows to meet people from all over the world. Travellers expect friendship, love, adventure, surprises. A nice hotel room and everything else that the hospitality industry can offer, is the most important part of this experience. Unfortunately, managers and employees of firms and organizations of the public and the private sector staying in hotel rooms are main targets of foreign intelligence services (including but not limited to the intelligence service of the destination country), state-sponsored groups, the organized crime, even foreign businesses that exploit all opportunities to acquire sensitive or classified information. People travelling are vulnerable due to the limited control they exercise over their immediate surroundings. The hospitality industry must protect its clients, and the majority of safety and security related challenges can be managed through good security planning, sound security practices, and security awareness and training of managers and employees in every venue and hotel chain. A new cybersecurity culture for the hospitality industry is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values, and expectations of managers and employees in every venue and hotel chain, regarding security and cybersecurity. Managers and employees must be involved in the prevention, detection, and response to deliberate malicious acts that target systems, persons, and data. During the past decades, hotels and hotel chains have made substantial investments in...

... (truncated for display)

Quick Facts

Company:: MGM Resorts International
Date:: 12/09/2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 5/10/2023

Source Information

Original Query

MGM Resorts SEC filing 10-Q Q3 2023 cybersecurity incident financial impact

View Original Source

Timeline

Information Published

5/10/2023

Incident Occurred

12/09/2023 (653 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats