The Wall Street Journal wrote on Thursday that MGM Resorts International didn’t pay the ransomware attackers who broke into its systems last month, forcing the company to shut down systems at several of its hotels and casinos. The hack kept many waiting to check into their rooms, including FTC chair Lina Kahn, who was in Las Vegas, Nevada to attend meetings about a merger between Kroger and Albertsons.
MGM said in a press release that hackers made off with customer data, including names, contact information, date of birth, and driver’s license numbers, as well as a “limited number” of customers’ social security numbers, passport numbers, or both.
The company didn’t specify how many people were affected by the hack, but according to its filing with the US Securities and Exchange Commission, the data hackers took was for “customers that transacted with the Company prior to March 2019.”
On the bright side, MGM said in its release that it “does not believe” the data thieves stole customers’ passwords, bank account numbers, or card details. It’s the small victories. MGM says it’s notifying customers via email and will give free credit monitoring and identity theft protection services to those affected.
The SEC filing says MGM’s domestic operations are back to normal, and “virtually all of the Company’s guest-facing systems have been restored,” adding that it expects the remainder will be “restored in coming days.” The company also wrote that it spent under $10 million on “technology consulting services, legal fees and expenses of other third party advisors” related to the attack, but it expects to lose about $100 million, all told.
If you think you were affected, here is what MGM says you can do:
The Company has set up a dedicated call center at 800-621-9437 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Please reference engagement number B105892 when calling. The Company also has set up a webpage at www.mgmresorts.com/importantinformation with additional information.
https://www.theverge.com/2023/10/7/23907776/mgm-refused-pay-customer-data-stolen-cyberattack-ransom