Dive Brief:

  • Federal and state regulators are investigating MGM Resorts in connection with the September cyberattack that disrupted operations at the hotel and casino firm for days, the company said in a 10-K filing with the Securities and Exchange Commission last week.
  • MGM Resorts warned it could face monetary fines and other actions as a result of the investigations. The company said it is “reasonably possible” it could incur losses in connection with legal proceedings, which include class action lawsuits; however, it is too early to estimate the impact.
  • MGM was targeted in a social engineering attack linked to the Scattered Spider and AlphV/BlackCat ransomware groups. In October, the company warned its Las Vegas area hotels would incur a $100 million impact from the attacks, in a filing with the SEC.

Dive Insight:

MGM Resorts, which operates more than 30 hotel and casino properties around the world, suffered one of the most high-profile cyberattacks in the U.S. last year. The attacks left many hotel guests locked out of rooms, disrupted casino operations and temporarily impacted online reservations. 

During the company’s fourth quarter conference call earlier this month, CFO Jonathan Halkyard said there were some “lingering cyber incident challenges” impacting the regional properties. Las Vegas bookings were briefly impacted in October as some hotel guests canceled reservations following the attack.

The company did not specify which agencies were investigating; however, various federal and state authorities have ramped up investigations across industries to examine whether organizations have taken proper measures to protect customer data. Officials at the Nevada Gaming Control Board, the Federal Trade Commission and the Securities and Exchange Commission declined to comment.

MGM Resorts said it has cybersecurity insurance; however, it is not clear whether insurance will be able to fully cover all related claims. The company also provided extensive details on its cyber resilience strategy, which includes quarterly reports from an audit committee, annual assessments from outside experts and other resilience measures.

MGM Resorts previously suffered a cyberattack in 2019, in which the sensitive data of more than 10.6 million guests was stolen and later posted online.

The FTC and SEC have previously taken action against other companies in connection with prior cybersecurity practices. The SEC filed a civil suit against SolarWinds and its CISO in October alleging the company failed to disclose known cybersecurity risks to investors.