In its filing, MGM added that it does not believe that customer passwords or payment details were obtained during the attack.
MGM spokespeople Andrew Chapman and Brian Ahern have repeatedly declined to answer TechCrunch’s questions about the incident. It’s not yet known how many individuals have been affected by the data breach, but MGM’s resorts attract tens of millions of visitors each year. For a limited number of customers, hackers also accessed Social Security numbers and passport details, the company said. This includes names, contact information, gender, dates of birth and driver license number. In a regulatory filing on Thursday, the company admitted that the hackers responsible for the attack obtained some personal information belonging to customers who transacted with MGM Resorts prior to March 2019. The cyberattack, which was days later claimed by hackers from ALPHV subgroup Scattered Spider, caused widespread disruption across MGM’s properties, shutting down ATMs and slot machines and pulling the company’s website and online booking systems offline.
The hotel and casino giant first disclosed it had been targeted by a large-scale cyberattack on September 11. MGM Resorts has confirmed hackers stole an unspecified amount of customers’ personal information during a September cyberattack that will cost the hotel and casino giant an estimated $100 million.