MGM Resorts: Cyber Attack or Terrorism?

Ransomware - image courtesy of Tumisu from Pixabay
image courtesy of Tumisu from Pixabay
Avatar of Linda Hohnholz
Written by Linda Hohnholz

An unauthorized third party obtained personal information of some of MGM’s customers which was reported on September 11, 2023.

Is the date of the MGM incident reporting significant? Is there meaning behind the fact that this security breach happened on the 22nd anniversary of the 9/11 attacks on the US World Trade Center? Or is this merely a coincidence?

Cyber attacks are normally criminally or politically motivated. Could this 9/11 cyber-attack have political motivations? Or was it merely a criminal activity designed to line the pockets of the attackers?

Ransomware Versus Terrorism

Ransomware is often compared to terrorism, because like terrorism, ransomware focuses on soft targets like civilian critical infrastructure, but unlike terrorism, it is primarily financially motivated.

It is believed that a group known as Scattered Spider is responsible for the MGM data breach. This group usually uses ransomware that has been made by ALPHV, also known as BlackCat. An organization that follows the hacker community claims it was BlackCat that compromised MGM by using LinkedIn to find an employee’s information and then engage in a 10-minute conversation with the Help Desk.

Caesars Entertainment, who was also hit by hackers recently, paid millions of dollars in ransom for an attack that happened just days prior on September 7.

MGM Casino - image courtesy of MGM Resorts
image courtesy of MGM Resorts

Attacks Costing Trillions

These new terrorists of the cyber world are costing companies trillions of dollars in stolen IP data. First, they attack, then they demand a ransom, thus defining ransomware.

Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.

Ransomware groups commonly ask for multiple payments in a double-extortion ransomware attack. The first gets a company the decryption keys, and the second ensures data is not released, however, data isn’t always returned. Even if a company pays, there’s no guarantee attackers will return the data or provide the decryption key.

In addition to the estimated $100 million loss on adjusted property earnings before interest, taxes, depreciation, amortization, and rent for Las Vegas Strip resorts and other regional operations, MGM expects to incur charges totaling less than $10 million covering one-time expenses like legal fees and technology consulting.

It has been widely reported that Caesars paid $15 million of a $30 million ransom sought by Scattered Spider for a promise to secure its data.

According to an unnamed person, MGM refused to pay a ransom demand it received, which MGM has neither confirmed nor denied.


What MGM did say is In a letter to its customers on the MGM website signed by CEO and President of MGM Resorts, Bill Hornbuckle, which in part stated the following:

“As previously reported, sophisticated criminal actors recently launched a cyberattack on MGM Resorts’ IT systems. We responded swiftly, shut down our systems to mitigate risk to customer information, and began a thorough investigation of the attack, including coordinating with federal law enforcement agencies and working with external cybersecurity experts. While we experienced disruptions at some of our properties, operations at our affected properties have returned to normal, and the vast majority of our systems have been restored.  We also believe that this attack is contained.”

According to MGM CEO Hornbuckle, no customer bank account numbers or payment card information was compromised in the incident, but the hackers did steal other personal information including names, contact information, driver’s license numbers, Social Security numbers, and passport numbers belonging to some customers who did business with MGM prior to March of 2019.

Is Customer Information Safe?

MGM Resorts says it does not believe customer passwords, bank account numbers, or payment card information was affected by this issue. Promptly after learning of this issue, MGM took steps to protect its systems and data, including shutting down certain IT systems. An investigation was quickly launched with the assistance of leading cybersecurity experts as MGM coordinated efforts with law enforcement. 

MGM Resorts notified relevant customers by email as required by law and arranged to provide those customers with credit monitoring and identity protection services at no cost to them.

About the author

Avatar of Linda Hohnholz

Linda Hohnholz

Editor in chief for eTurboNews based in the eTN HQ.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x
Share to...