Site Overlay

Casino giant MGM expects $100 million hit from hack that led to data breach

On Thursday threatening “additional attacks” if their ransom demands are not met. As more details emerge from September’s Las Vegas casino cyberattacks, Caesars Entertainment – the owner of Caesars Palace – has disclosed more than 41,000 Maine residents alone had their info stolen by a ransomware gang. Reuters, the news and media division of Thomson Reuters, is the world’s largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world’s media organizations, industry events and directly to consumers. That makes sense because there are financial consequences to ransomware events.

cybersecurity casinos

The data thieves had already been in the hotel giant’s IT environment for several days before sending a ransom note for a sum Hornbuckle declined to reveal. By that point, the gambling biz had started rebuilding its systems from backups and didn’t see any reason to respond to the criminals. These include questions about the ransom demanded and whether it was paid, and how many thousands of customers were caught in the ransomware crew’s web. The biz’s 8-K SEC form claimed a “significant number” of loyalty members were feared stolen. “To ease any concern you may have, we are offering you complimentary identity theft protection services for two years through IDX, a data breach and recovery services expert,” the notification letter continued. “Additional risks to MGM include potential revenue losses while systems were down, reputational risk and any direct costs related to investigation and remediation.

MGM Resorts said in a statement late Monday night that its resorts “continue to deliver the experiences for which MGM is known,” including its dining, entertainment and gaming options. The Cybersecurity and Infrastructure Security Agency, which is part of the U.S. Department of Homeland Security, announced on Thursday that it is in contact with MGM Resorts “to understand the impacts of their recent cyber incident.” The FBI said an investigation was ongoing but offered no additional information.

The regulation also says a casino that has been attacked has 72 hours to report it to regulators. Its CEO, Bill Hornbuckle, told Bloomberg his reasons for not caving to the crooks’ extortion were not driven by nobility. “We have no evidence that the criminal actors have used this data to commit identity theft or account fraud.” Sources earlier told Reuters AlphV worked with another outfit named Scattered Spider to break into MGM systems and steal data to hold for extortion. “Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter,” MGM Resorts posted on social media.

Anywhere that monetary transactions occur, online needs to have the highest level of security in place. It’s not just about the casino companies keeping their company safe; the measures are put in place to keep customers safe too. These jurisdictions do not investigate on player disputes at all and offer no guarantees to players and in case of any problems players have to take matters in their own hands. That does not necessarily means that any online casino with such a license will not help you with your problems, it just means that if they are not willing to help you, there’s not much you can do and you’re all by yourself to deal with them. Casino security refers to the measures that are taken at casinos to protect the establishment’s money, property and patrons.

Most of them offer a wide variety of payment methods, the most popular being credit cards and various third party e-wallet services like Neteller, Skrill (ex-Moneybookers) or recently PayPal. All the safest online casinos display their licensing information in their home page footer, often along with their license numbers. If you can’t find it there, look in their “About Us” or “Terms and Conditions” section.

The November Formula One Las Vegas Grand Prix and February’s Super Bowl should help MGM recover quickly from the cyberattack that ravaged the company in September. Nevada’s nonrestricted licensees will have until Dec. 31 to prepare and submit a cybersecurity plan to the Gaming Control Board. “I think there’s a role for us to play in that conversation, but depending who the criminals are, that’s an international organization. Then now you’ve got the State Department and there might be some national security implications involved,” Rebuck said. At the time, Okta’s chief security officer David Bradbury told The Register that Scattered Spider was behind these attacks.

  • According to the latest data, cybercrime is expected to cost the world $10.5 trillion annually by the end of 2025.
  • Casinos can face crippling fines if any of their many points-of-sale are found to not meet PCI compliance standards.
  • The biz’s 8-K SEC form claimed a “significant number” of loyalty members were feared stolen.
  • Cybercriminals most often go after organizations that deal with what hackers want the most—money and personal information, which is why online casinos are one of the most lucrative targets for cyberattacks.
  • Now she was being greeted by four new transactions she did not recognize — charges that she said increased with each transaction, from $9.99 to $46.
  • To do that, casinos rely on SSL certificates, which work like digital passports that verify and protect the integrity of website communication with browsers.

By Thursday, Caesars Entertainment — the largest casino owner in the world — confirmed it, too, had been hit by a cybersecurity attack. The casino giant said its casino and hotel computer operations weren’t disrupted but couldn’t say with certainty that personal information about tens of millions of its customers was secure following the data breach. The casino giant said its casino and hotel computer operations weren’t disrupted but couldn’t say with certainty that personal information about tens of millions of its customers was secure following the data breach.

“The cost increase is likely to be isolated to MGM and Caesars,” said Derigiotis, who will be speaking on cybersecurity insurance at the ITS conference in Las Vegas later this month. Nevada is in the midst of establishing oversight in cybersecurity matters after regulators approved amendments to gclub casino Regulation 5, which guides casino operations, in December. Panelists spent more than half of their regulatory session discussing cybersecurity, a topic amplified by hacking attacks on computer systems operated by Caesars Entertainment Inc. in August and MGM Resorts International in September.

One state that does require cybersecurity insurance is Massachusetts, where MGM operates MGM Springfield. Cyberattacks on Caesars, MGM properties lead to discussions by gaming regulators on opening day of G2E conference in Las Vegas. Scattered Spider is reportedly an affiliate of ALPHV, also known as BlackCat, a ransomware-as-a-service (RaaS) operation that rents its malware to other criminals. These steps, we’d assume, including paying the ransom demand – which was reportedly negotiated at $15 million after an initial demand for $30 million. Hackers often hold stolen data for ransom and may also leak it to public forums or sell it to other cybercriminals. One of the world’s largest gambling firms, MGM shut down its systems after detecting the attack to contain damage, it said.