MGM Resorts estimates that last month’s cyberattack resulted in a US$100m loss to adjusted EBITDAR in the third quarter.
However, MGM said the disruption will have only a minimal impact on fourth quarter performance and full year results and it expects cybersecurity insurance will be sufficient to cover the financial impact, though that full amount hasn’t been determined yet.
The company said it incurred less than $10m in one-time expenses related to the cyberattack, including IT consulting services, legal fees and the expenses of third-parties.
MGM swiftly shut down its computer systems when the breach occurred on September 10, limiting a Russian hacker group access to information, it said.
In a regulatory filing, MGM said the damage appears to be contained, but the hackers obtained the personal identification information of some customers who visited MGM properties prior to March 2019.
That information includes ones’ name, phone number, email address, and all information on their driver’s license. Some customers’ Social Security numbers and passport numbers were also compromised, MGM said.
MGM said it doesn’t believe that customers’ passwords, bank account numbers or payment card information were compromised; and systems and data at The Cosmopolitan of Las Vegas seem to have been spared entirely, MGM said.
To date, there’s no evidence that customers have been subjected to fraud or identify theft, MGM said, however, affected customers will be notified, and MGM will offer them identity-theft protection and credit-monitoring services, in addition to a new help line.
Source: Fantini’s Gaming Report