Ransomware, Security Staff Acquisition & Development

MGM Resorts customer data stolen in $100M ransomware attack

Click for more special coverage

MGM Resorts has confirmed that customer data had been stolen in a ransomware attack that cost the global hospitality and entertainment company nearly $100 million in total damages, according to The Record, a news site by cybersecurity firm Recorded Future.

While all of MGM Resorts' systems were shut down after the intrusion was identified earlier last month in a bid to prevent data compromise, an investigation by the company revealed that threat actors were still able to exfiltrate information, including names, phone numbers, addresses, Social Security numbers, driver's license numbers, and passport numbers.

Nearly all of the company's customer-facing systems have already been restored, said MGM Resorts, which expects a return to 100% occupancy in Las Vegas by next month. However, further investigation is still being conducted to determine the total extent of the incident, which was attributed to ALPHV/BlackCat ransomware affiliate Scattered Spider, which was also associated with the attack against Caesars Entertainment, Clorox, Coinbase, and Reddit.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.