MGM Resorts 2023 Ransomware Attack: Hotel and Casino Systems Shut Down
A social engineering attack on MGM IT help desk led to full ransomware deployment, shutting down slot machines, hotel systems, and reservations for over a week.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreData Types Exposed
Response Timeline
September 10 2023: Scattered Spider contacts IT help desk
September 11-20 2023: Systems down including slot machines and hotel keys
September 20 2023: Systems begin restoring
October 2023: $100 million financial impact estimated
Detailed Analysis
The MGM attack demonstrated how a single social engineering phone call could compromise a $14 billion company. Unlike Caesars which paid $15 million ransom, MGM refused to pay, accepting the $100 million financial impact.
The breach at MGM Resorts exposed Estimated millions of guests records through social engineering of it help desk by scattered spider group; alphv/blackcat ransomware. Millions of current and former MGM Resorts guests The incident highlights the ongoing challenges organizations face in protecting sensitive user data against increasingly sophisticated attack vectors. Security researchers have noted that breaches of this magnitude often result from a combination of technical vulnerabilities and organizational failures in security practices.
Current status: $100 million financial impact; MGM did not pay ransom. Affected users should take immediate steps to protect their accounts, including changing passwords, enabling multi-factor authentication, and monitoring financial accounts for unauthorized activity. Filing a DSAR with MGM Resorts can help you understand what data was exposed and request its deletion.
What To Do If Affected
- Change your password immediately on this service and any accounts using the same password
- Enable two-factor authentication on all critical accounts
- Monitor your credit reports for unauthorized activity
- Consider placing a credit freeze with major bureaus
- File a complaint with your local data protection authority
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.
Frequently Asked Questions
How many records were affected in the MGM Resorts breach?
The MGM Resorts data breach affected Estimated millions of guests records. Data types exposed include: names, contact information, dates of birth, driver license numbers, Social Security numbers (limited), passport numbers (limited).
What should I do if I was affected by the MGM Resorts breach?
If you were affected, change your passwords immediately, enable two-factor authentication, monitor your credit reports, and consider placing a credit freeze. You can also submit a DSAR to MGM Resorts requesting deletion of your data.
Is there compensation for MGM Resorts breach victims?
$100 million financial impact; MGM did not pay ransom Check if a class action settlement exists and whether you are eligible to file a claim.