The cyberattacks on MGM Resorts International and Caesars Entertainment in September 2023 had significant operational, reputational, and financial consequences.
MGM Resorts International reported that the attack resulted in a $100 million impact on its third-quarter results and prompted the company to shut down its systems to contain the damage. Additionally, the company expects to incur a one-time cost of around $10 million. This is not the first cybersecurity incident for MGM, as it experienced a significant data breach in February 2020, exposing the personal information of over 10.6 million guests. Hackers obtained an MGM employee’s data from LinkedIn and used it to impersonate the employee, gaining access to their sign-in credentials. Consequently, sensitive information such as names, addresses, phone numbers, email addresses, dates of birth, driver’s license numbers, and passport numbers was exposed. Allegations suggest that MGM Resorts failed to protect the personal information of its customers and loyalty program members, did not encrypt or adequately protect this information, did not warn affected individuals about its security practices, did not secure its hardware against intrusions, and did not provide timely notice of the breach. This breach highlights the vulnerability of relying on legacy sign-in credentials like passwords and SMS one-time passcodes, which can be easily exploited and reused. The recurrence of such incidents raises questions about whether lessons have been learned.
The cyberattacks on MGM Resorts International and Caesars Entertainment had significant consequences, including financial losses and reputational damage. MGM Resorts International alone reported a $100 million impact on its third-quarter results and incurred a one-time cost of around $10 million. The breach also exposed sensitive personal information of over 10.6 million guests, raising concerns about MGM Resorts’ security practices. The use of legacy sign-in credentials like passwords and SMS one-time passcodes was exploited, highlighting the need for stronger authentication methods. The recurrence of such incidents raises questions about the effectiveness of lessons learned and the need for improved cybersecurity measures in the future.