The criminal cyberattack on MGM Resorts in Las Vegas last month resulted in the company’s losing around $100 million, it said in a filing Thursday evening with the Securities and Exchange Commission.
The admission is a rare insight into the giant sums that major companies can lose when they fall victim to significant hacks.
MGM, whose prominent casinos along the Las Vegas Strip include the Bellagio and Mandalay Bay, were hacked last month. The company said it deliberately shut down a number of services “to mitigate risk to customer information.”
The shutdown had severe impacts for MGM. Some hotel customers couldn’t use key cards to enter their rooms. Employees were locked out of corporate emails for days. The tech news website 404 Media found entire sections of slot machines at MGM casinos roped off.
The fallout stood in sharp contrast what happened to rival Caesars Entertainment, which disclosed that it had been hacked around the same time. Caesars indicated in its SEC filing that it may have paid the hackers to go away.
In an open letter also published Thursday evening, MGM CEO Bill Hornbuckle said that “the vast majority of our systems have been restored,” adding, “We also believe that this attack is contained.”
Even though those systems were shut down, the hackers did access some customer information. While customer bank account information and credit card numbers appear untouched, the hackers stole some customers’ personal information, including names, driver’s license numbers and Social Security numbers, Hornbuckle said.