After some initial silence, Las Vegas casino giant MGM has announced a loss of $100 million to the activities of computer hackers. This comes after its refusal to pay ransom demands of cybercriminals who gained access to its systems.
Although it says the “full scope of the costs and related impacts of this issue has not been determined,” the company is confident of a bounce back.
How Serious Was the MGM Cyber Attack?
MGM took a massive hit from cyber attackers in early September. Its website was down for days and guests were unable to make hotel reservations for their planned stay.
The attack crippled operations in MGM’s Bellagio and Mandalay Bay properties, affecting slot machines, ATMs, hotel doors, and elevators. Customers had to endure a long wait to access casino halls and even their hotel rooms.
MGM Had to Make Slot Payouts by Hand
A major highlight of the attack was MGM having to pay slot machine winnings by hand rather than through regular paper vouchers. In addition, the situation got so bad that guests had to write their check-in information on clipboards.
Payments were also heavily affected as many guests were unable to settle bills with their credit cards. As expected, patronage began to decline. MGM had to offer free drinks to keep customers’ tempers down.
Who Was Responsible for the Attacks?
A Russian-linked hacker group, ALPHV has claimed responsibility for the attacks. The group is notorious for laying siege to computer systems for ransoms.
The group, which is also referred to as BlackCat, reportedly had some help. Tech experts believe that the group collaborated with Scattered Spider, another hacker group that is made up of UK and US youths, to carry out the attack.
As Advised by the FBI, MGM Refused to Pay Ransom
In a recent statement by MGM, the company announced that it refused to pay ransom to the attackers. This announcement is music to the ears of the FBI who have repeatedly implored organizations under such attacks to resist the urge to settle the attackers.
The FBI believes that paying ransom to cyber attackers will motivate them to continue the act.
Not Every Organization Has Towed the Same Path
Refusing to pay ransom to cyber attackers isn’t an easy decision. Organizations in such situations have to consider the potential for huge financial loss as well as the damage to their reputation.
The security of customer information and the consequent catastrophic lawsuits are also too risky to ignore. For these reasons, another Las Vegas casino giant Caesars, which was also attacked, had to part with $15 million to the hackers.
MGM Is Paying a Bigger Price
While MGM’s refusal to pay a ransom is the more noble path, its monetary losses of up to $100 million are pretty massive and could cause possible future victims to rethink. This means MGM has lost more than 6 times that of Caesars.
The company also reported that it spent about $10 million on legal experts and tech advisors after the attack. The cooperation of these professionals was crucial in formulating an efficient response to the security breach.
The Attackers Also Accessed Customers’ Personal Information
Equally as damaging as MGM’s massive financial loss is the exposure of private customer information to hackers. MGM’s CEO, Bill Hornbuckle, announced this in his statement.
While stating that customers’ banking information was safe, he noted that personal information such as “name, contact information, gender, date of birth, and driver’s license number” were stolen. Only customers who patronized the company before March 2019 were affected.
Social Security Numbers Are Also at Risk
According to Bill, the hackers also had Social Security numbers within their reach. “We also believe a more limited number of Social Security numbers and passport numbers were obtained.”
However, so far, nothing negative has come out of this access. “We have no evidence that the criminal actors have used this data to commit identity theft or account fraud,” he added.
How Did the Hackers Gain Access?
For billion-dollar companies such as MGM, cybersecurity is a priority. Procuring and maintaining security measures gulps millions of dollars every year.
For hackers to gain access to such well-protected security systems, they usually have to trick the company. These hackers will usually pose as company employees to deceive IT service desk staff into providing access to company systems.
Getting Back to Normal
The dust is settling at MGM. Company leaders are looking to make a swift rebuild from the massive profit landslide. “Virtually all of the Company’s guest-facing systems have been restored,’ the company said.
Executives expect to achieve a total occupancy of 93% by the end of October which is just one percent short of the 94% of the same month last year.
MGM Expects No Significant Change in Year-End Profit
MGM is hopeful of matching its average year-end turnover. The company expects heavy gains this quarter. A nearby sports event might end up saving the day.
The highly celebrated Formula 1 is coming to Las Vegas by November and a consequential boom in business will help the company record its usual profit margins. Or at least, something close to it.
