What happened in the MGM data breach?
Twingate Team
•
May 24, 2024
In September 2023, MGM Resorts experienced a significant cyberattack, causing disruptions to its operations and resulting in a $100 million loss for the company's Q3 results. The attack, attributed to the hacking group Scattered Spider, a subgroup of the ALPHV ransomware gang, affected various MGM properties, including iconic locations on the Las Vegas Strip. Guests reported issues with slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. The company declined to comment on whether a ransom was paid. The breach involved unauthorized access to personal information of some customers who used MGM services before March 2019.
How many accounts were compromised?
The breach impacted data related to approximately 11 million individuals.
What data was leaked?
The data exposed in the breach included credit card numbers, expiration dates, cardholder names, billing addresses, and CVV codes.
How was MGM hacked?
Hackers breached MGM's systems through an unauthorized third party, causing disruptions to operations and stealing personal information of customers who used MGM services before March 2019. The attack impacted various MGM properties, leading to issues with slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. The company has since notified affected customers and offered free credit monitoring services, while also stating that security measures have been "strengthened and enhanced" since the 2019 breach.
MGM's solution
In response to the cyberattack, MGM Resorts took several measures to secure its systems and prevent future hacking incidents. This included shutting down certain systems and implementing additional safeguards to further protect its infrastructure. MGM also launched an investigation with the assistance of leading cybersecurity experts and coordinated with law enforcement. Affected customers were notified by email as required by applicable law, and MGM arranged to provide them with credit monitoring and identity protection services at no cost.
How do I know if I was affected?
MGM Resorts has notified customers believed to be affected by the breach. If you're an MGM customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.
For more specific help and instructions related to MGM's data breach, please contact BetMGM support directly.
Where can I go to learn more?
If you want to find more information on the MGM data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the MGM data breach?
Twingate Team
•
May 24, 2024
In September 2023, MGM Resorts experienced a significant cyberattack, causing disruptions to its operations and resulting in a $100 million loss for the company's Q3 results. The attack, attributed to the hacking group Scattered Spider, a subgroup of the ALPHV ransomware gang, affected various MGM properties, including iconic locations on the Las Vegas Strip. Guests reported issues with slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. The company declined to comment on whether a ransom was paid. The breach involved unauthorized access to personal information of some customers who used MGM services before March 2019.
How many accounts were compromised?
The breach impacted data related to approximately 11 million individuals.
What data was leaked?
The data exposed in the breach included credit card numbers, expiration dates, cardholder names, billing addresses, and CVV codes.
How was MGM hacked?
Hackers breached MGM's systems through an unauthorized third party, causing disruptions to operations and stealing personal information of customers who used MGM services before March 2019. The attack impacted various MGM properties, leading to issues with slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. The company has since notified affected customers and offered free credit monitoring services, while also stating that security measures have been "strengthened and enhanced" since the 2019 breach.
MGM's solution
In response to the cyberattack, MGM Resorts took several measures to secure its systems and prevent future hacking incidents. This included shutting down certain systems and implementing additional safeguards to further protect its infrastructure. MGM also launched an investigation with the assistance of leading cybersecurity experts and coordinated with law enforcement. Affected customers were notified by email as required by applicable law, and MGM arranged to provide them with credit monitoring and identity protection services at no cost.
How do I know if I was affected?
MGM Resorts has notified customers believed to be affected by the breach. If you're an MGM customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.
For more specific help and instructions related to MGM's data breach, please contact BetMGM support directly.
Where can I go to learn more?
If you want to find more information on the MGM data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the MGM data breach?
Twingate Team
•
May 24, 2024
In September 2023, MGM Resorts experienced a significant cyberattack, causing disruptions to its operations and resulting in a $100 million loss for the company's Q3 results. The attack, attributed to the hacking group Scattered Spider, a subgroup of the ALPHV ransomware gang, affected various MGM properties, including iconic locations on the Las Vegas Strip. Guests reported issues with slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. The company declined to comment on whether a ransom was paid. The breach involved unauthorized access to personal information of some customers who used MGM services before March 2019.
How many accounts were compromised?
The breach impacted data related to approximately 11 million individuals.
What data was leaked?
The data exposed in the breach included credit card numbers, expiration dates, cardholder names, billing addresses, and CVV codes.
How was MGM hacked?
Hackers breached MGM's systems through an unauthorized third party, causing disruptions to operations and stealing personal information of customers who used MGM services before March 2019. The attack impacted various MGM properties, leading to issues with slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. The company has since notified affected customers and offered free credit monitoring services, while also stating that security measures have been "strengthened and enhanced" since the 2019 breach.
MGM's solution
In response to the cyberattack, MGM Resorts took several measures to secure its systems and prevent future hacking incidents. This included shutting down certain systems and implementing additional safeguards to further protect its infrastructure. MGM also launched an investigation with the assistance of leading cybersecurity experts and coordinated with law enforcement. Affected customers were notified by email as required by applicable law, and MGM arranged to provide them with credit monitoring and identity protection services at no cost.
How do I know if I was affected?
MGM Resorts has notified customers believed to be affected by the breach. If you're an MGM customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.
For more specific help and instructions related to MGM's data breach, please contact BetMGM support directly.
Where can I go to learn more?
If you want to find more information on the MGM data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions