\n<\/p>\n
MGM Resorts has confirmed hackers stole an unspecified amount of customers\u2019 personal information during a September cyberattack that will cost the hotel and casino giant an estimated $100 million.<\/p>\n
The hotel and casino giant first disclosed<\/a> it had been targeted by a large-scale cyberattack on September 11. The cyberattack, which was days later claimed by hackers from ALPHV subgroup Scattered Spider<\/a>, caused widespread disruption across MGM\u2019s properties, shutting down ATMs and slot machines and pulling the company\u2019s website and online booking systems offline.<\/p>\n In a regulatory filing<\/a> onThursday, the company admitted that the hackers responsible for the attack obtained some personal information belonging to customers who transacted with MGM Resorts prior to March 2019. This includes names, contact information, gender, dates of birth, and driver\u2019s license number. For a limited number of customers, hackers also accessed Social Security numbers and passport details, the company said.<\/p>\n It\u2019s not yet known how many individuals have been affected by the data breach, but MGM\u2019s resorts attract tens of millions of visitors each year. MGM spokespeople Andrew Chapman and Brian Ahern have repeatedly declined to answer TechCrunch\u2019s questions about the incident.<\/p>\n In its filing, MGM added that it does not believe that customer passwords or payment details were obtained during the attack.<\/p>\n MGM\u2019s filing with regulators reveals that the company expects the attack to reduce its third-quarter profit by approximately $100 million. MGM said it has also spent around $10 million in one-time expenses related to the cyberattack, mostly on technology consulting services, legal fees, and expenses of other third-party advisors.<\/p>\n According to the Wall Street Journal<\/a>, MGM Resorts reportedly did not pay the attackers\u2019 ransom demand, the amount of which is not yet known. When asked by TechCrunch, a representative for the Scattered Spider group did not comment. MGM\u2019s rival Caesars Entertainment, which was also hit by a recent ransomware attack<\/a>, is said to have paid about half of the $30 million demanded by the hackers to prevent the disclosure of stolen data. Media reports said the Scattered Spider group was also responsible<\/a> for the Caesars cyberattack, but the group told TechCrunch at the time it had \u201cno involvement\u201d with the incident.<\/p>\n MGM said it expects that its cyber insurance policy will be \u201csufficient\u201d to cover the financial impact to its business, but noted that the \u201cthe full scope of the costs and related impacts of this issue has not been determined.\u201d<\/p>\n The company added that it has seen \u201cno evidence\u201d that the data obtained by the criminal actors has been used for identity theft or account fraud.<\/p>\n The listing for MGM Resorts found on the dark web leak site of the ALPHV ransomware gang has not been updated since September 14, and it doesn\u2019t appear that the hackers have yet published any of the data stolen from the hotel giant.<\/p>\n While MGM claims that the cyberattack has been \u201cfully contained\u201d and that operations at the company\u2019s resorts have \u201creturned to normal,\u201d some of the MGM\u2019s services are still not operational at the time of writing, according to customer complaints on social media, including MGM\u2019s mobile app. <\/span><\/p>\n