MGM Resorts International has provided an update on the recent cybersecurity incident that impacted its operations, stating that it had detected unauthorised third-party access to some of its systems, which occurred around 11 September, 2023.
The breach resulted in unauthorised access to certain customer information, including names, contact details (such as phone numbers, email addresses and postal addresses), gender, date of birth and driver's license numbers.
Additionally, for a smaller group of customers, social security numbers and passport numbers were also exposed.
MGM Resorts emphasised that customer passwords, bank account numbers and payment card information were not compromised in the incident.
In response to the breach, MGM Resorts took steps to secure its systems and data, including temporarily shutting down specific systems.
Since the breach, the company has initiated an investigation, collaborating with cybersecurity experts and law enforcement agencies.
MGM Resorts is offering affected customers credit monitoring and identity protection services at no cost. Customers who receive notifications about the incident are encouraged to follow the provided instructions for enrolling in these services.
This incident is not isolated to MGM, as Caesars Entertainment recently faced a similar cybersecurity breach, where reports suggest it paid a ransom of approximately $15m to prevent disruptions in their operations.
Furthermore, in April 2023, Gateway Casinos in Ontario also experienced system outages due to a cybersecurity incident and was forced to close its locations.
MGM Resorts CEO & President, Bill Hornbuckle, addressed customers in a letter, expressing gratitude for their loyalty and patience during the incident. He reassured customers that the breach did not compromise any bank account or payment card information and that the company believes the attack was contained.