MGM Resorts Confronts Massive Data Breach: A Detailed Analysis
In September 2023, MGM Resorts International, a renowned hotel and casino giant, suffered a significant cybersecurity breach, disrupting its operations and compromising customer data. The attack, attributed to the ALPHV subgroup Scattered Spider, resulted in extensive financial and reputational damage to the company.
The Breach and Its Impact
On September 11, 2023, MGM Resorts experienced a cyberattack that led to the theft of an unspecified amount of customers' personal information. This data included names, contact details, gender, birth dates, and driver's license numbers. For some customers, Social Security and passport numbers were also compromised. The company clarified that customer passwords or payment details were not believed to be affected. MGM Resorts attracts tens of millions of visitors annually, yet the exact number of individuals affected remains undisclosed.
The breach's financial toll on MGM Resorts is significant, with an estimated $100 million loss in profits and around $10 million in related one-time expenses. Despite these setbacks, MGM says that its cyber insurance policy will likely cover the financial impacts, and there's no evidence suggesting the stolen data has been used for identity theft or fraud.
Attack Details and MGM's Response
Investigations reveal the intricate nature of the attack. The threat actors employed sophisticated methods, including SMS spearphishing, SIM swapping, social engineering, and backdoor implants, culminating in the encryption of approximately 100 ESXi servers. MGM Resorts' response involved system shutdowns, engaging cybersecurity experts, and working with law enforcement. The company is also providing credit monitoring and identity protection services to affected customers.
The attack underscores the evolving sophistication of cyber threats and the challenges in defending against them. The ransomware group ALPHV/Blackcat/Scattered Spider, responsible for similar attacks on other major entities like Caesars Entertainment, demonstrated a high level of persistence and skill in compromising MGM's network. MGM's handling of the incident, characterized by inadequate administrative capabilities and weak incident response, points to the need for improved cybersecurity strategies and practices.