In an alarming disclosure reverberating across international borders, MGM Resorts International, headquartered in Las Vegas, has recently fallen victim to a crippling cyberattack, with repercussions estimated to exceed a staggering US$100 million. This unsettling development, detected initially on September 10, didn’t just compromise vast amounts of sensitive customer data but also severely hampered the operational aspects of the business, a scenario that’s prompting companies worldwide, including those in Canada, to reassess their cybersecurity infrastructure.
The data breach’s fallout was so extensive that MGM took the extraordinary step of deactivating numerous IT systems across its U.S. properties. This drastic action, meant to staunch the data leak, led to a cascade of service disruptions over ten days. Patrons found themselves unable to complete credit card transactions, withdraw cash, or even access their hotel rooms, leading to online consternation.
The resilience in MGM’s response, however, merits recognition. The company managed to restore normalcy across its systems by September 20 substantially. The incident, while not explicitly described by the company, bears the characteristics of a ransomware attack, according to cybersecurity professionals like Emsisoft’s Brett Callow. If this is the case, the attack’s financial implications could be unprecedented, surpassing the notorious 2019 Norsk Hydro incident, which saw losses of US$70 million.
In a message that sought to both inform and reassure, MGM’s CEO Bill Hornbuckle confirmed that while the cyber intruders did access personal data such as names, contact details, and various identification numbers, no direct financial information was exposed. In response to the breach, the company isn’t just stopping at apologies. However, it is taking concrete steps to support affected customers, including offering free identity protection and credit monitoring services — a move that Canadian companies can view as a model for customer-centric responses.
Financially, the repercussions of the breach are set to ripple through MGM’s third-quarter earnings, particularly impacting its Las Vegas operations, as disclosed in a document to the U.S. Securities and Exchange Commission. However, the company remains optimistic that these effects will diminish by the fourth quarter, posing minimal annual operational setbacks.
Interestingly, MGM wasn’t alone in facing such a predicament. Another titan in the industry, Caesars Entertainment, also found itself in the cyberattack crosshairs within the same timeframe. Rumours have been rife about Caesars conceding to a significant ransom payment, although their operations remained undisrupted.
These incidents have catalyzed federal lawsuits and spotlighted the urgent need for fortified digital defences within the U.S. and for companies worldwide, including Canada. The issue extends beyond the casino industry — as evidenced by Clorox’s recent cyber woes — underscoring the pervasive threat of cyberattacks.
For Canadian businesses and those globally, this is a clarion call for investing in stringent cybersecurity measures, vigilant system oversight, and comprehensive emergency response plans to protect organizational and customer data against the growing spectre of cybercrime.