MGM Resorts International announced this morning, Sep. 20, that most of its operations are back to normal following over a week of disruptions caused by a cyberattack. The company’s website went down early last week, along with many network-reliant services at its brick-and-mortar properties.
In a statement on its account on X (formerly Twitter), the company wrote:
Our resort services, dining, entertainment, pools and spas are operating normally and welcoming thousands of guests each day. Our gaming floors, including slots, table games, and poker rooms are open. Visitors to all of our properties may use Slot Dollars and FREEPLAY, and our slots are recording gaming spend. Our slot ticket-in/ticket-out systems are up and running, and our amazing employees are available to help guests with any intermittent issues. We thank you for your patience and look forward to welcoming you soon.
In replies to that statement, MGM guests shared that there are still some lingering effects from the attack. One user reported that comp dollars (separate from Slot Dollars) and mobile check-in are not yet working. Another said that MGM is reimbursing resort fees for guests whose stays were negatively impacted by the outages, provided they ask for the reimbursement at check-out. The company has also reportedly been waiving cancellation fees.
A malware group known as ALPHV has claimed responsibility for the attack. Another group, Scattered Spider, may have helped with the social engineering, according to some reports. Available evidence suggests that the goal of the attack was to steal customer data. Caesars reportedly paid a $15 million ransom after suffering a similar attack, while MGM refused. ALPHV claims that the outwardly visible disruptions at MGM were the result of the company taking its own systems offline to defend against the hack.
Financial Cost to MGM Still Unknown
Response to the attack by MGM shareholders has been gradual and moderate (MGM Resorts International 39,43 -0,76% ). Share prices dropped 7.0% from the opening bell on Monday, Sep. 11, to the end of the day on Friday and a further 4.3% as the disruptions continued into this week.
However, before the attack came to light, the stock had already been on a slide of about 14% from its 52-week high of $51.35 on July 31. So, it’s hard to separate the effects of the attack from a continuation of that trend.
The big question on investors’ minds is how much of the financial damage from the attack is insurable. The Nevada Independent has quoted a Wall Street analyst as saying that its policy should cover up to $200 million in losses. Meanwhile, the Las Vegas Review-Journal cites a separate report estimating the company’s losses at between $4.2 and $8.4 million per day. Assuming both are correct and that the effects of the attack are nearly at an end, the bottom line may simply be an increase in MGM’s premiums and the intangible damage to the brand.
The online operations of BetMGM Casino & Sportsbook were never affected. BetMGM is a joint venture between MGM and the European online gambling conglomerate Entain, so its systems are largely separate from those of the retail casino company.