MGM Says Computer Hack Will Cost It $100 Million In Lost Profit (reuters.com) 59
An anonymous reader quotes a report from Reuters: MGM Resorts International said on Thursday a cyberattack last month that disrupted its operations would cause a $100 million hit to its third-quarter results, as it works to restore its systems. One of the world's largest gambling firms, MGM shut down its systems after detecting the attack to contain damage, it said. It expects to also incur less than $10 million as a related one-time cost in the quarter ended on Sept. 30. After the attack last month, customers posted social media images showing slot machines with error messages and queues at hotels in Las Vegas.
A hacking group named AlphV claimed it was involved in the breach. Sources earlier told Reuters AlphV worked with another outfit named Scattered Spider to break into MGM systems and steal data to hold for extortion. MGM has declined to comment on whether it was asked for or paid any ransom. The private data of customers who used MGM services before March 2019, including contact information, gender, date of birth and driver's license numbers, was breached, the company said. "We also believe a more limited number of Social Security numbers and passport numbers were obtained," it said. "We have no evidence that the criminal actors have used this data to commit identity theft or account fraud." [...]
The company expects the breach will have a negative impact of about $100 million to its adjusted property core profit for its Las Vegas Strip division, and expects total occupancy of 93% this October versus 94% in the same month a year ago. "Virtually all of the Company's guest-facing systems have been restored," it said, adding that it expects no impact on its full-year results from the breach. MGM said it is "well-positioned" to have a strong fourth quarter with record results in November, driven mainly by a Formula One racing event slated to take place in Las Vegas.
A hacking group named AlphV claimed it was involved in the breach. Sources earlier told Reuters AlphV worked with another outfit named Scattered Spider to break into MGM systems and steal data to hold for extortion. MGM has declined to comment on whether it was asked for or paid any ransom. The private data of customers who used MGM services before March 2019, including contact information, gender, date of birth and driver's license numbers, was breached, the company said. "We also believe a more limited number of Social Security numbers and passport numbers were obtained," it said. "We have no evidence that the criminal actors have used this data to commit identity theft or account fraud." [...]
The company expects the breach will have a negative impact of about $100 million to its adjusted property core profit for its Las Vegas Strip division, and expects total occupancy of 93% this October versus 94% in the same month a year ago. "Virtually all of the Company's guest-facing systems have been restored," it said, adding that it expects no impact on its full-year results from the breach. MGM said it is "well-positioned" to have a strong fourth quarter with record results in November, driven mainly by a Formula One racing event slated to take place in Las Vegas.
Oh no (Score:2)
Anyway. https://tenor.com/view/oh-no-t... [tenor.com]
Glad they hit them (Score:4, Insightful)
Instead of hospitals.
Re: (Score:2)
Re: (Score:2)
Re:Glad they hit them (Score:4, Interesting)
Top 3 healthcare networks in the US:
Kaiser Permanente - CEO Greg Adams, 2022 pay $17.3 Million USD
Anthem/Elevance Health (name change last year) - CEO Gail Boudreaux, 2022 pay $15.5 Million USD
HCSC - CEO Maurice Smith, 2022 pay $22.1 Million USD
Nah, the criminals have pretty much taken over the hospitals and healthcare system. Hacking them is just turf warfare between the gangs.
Re: (Score:2)
Re: Glad they hit them (Score:2)
" To be on the level of these groups, a corporate executive would have to show up in already-admitted patient rooms and threaten to throw them out unless they paid more than previously agreed."
I think it's also reasonable to count denied necessary treatment in that. Why would only reactive evil count, not proactive?
Re: (Score:2)
" To be on the level of these groups, a corporate executive would have to show up in already-admitted patient rooms and threaten to throw them out unless they paid more than previously agreed."
I think it's also reasonable to count denied necessary treatment in that. Why would only reactive evil count, not proactive?
I always assumed that, in the USA, if you don't have health insurance or enough cash, the ambulance crew would just leave you by the side of the road to die.
Re: (Score:3)
Re: (Score:1)
I always assumed that, in the USA, if you don't have health insurance or enough cash, the ambulance crew would just leave you by the side of the road to die.
Yup, that's more or less it. The primary goal of Healthcare in the USA is stockholder returns, not health. If we can't make money off you anymore, it's time for you to die. You know, survival of the fittest, capitalist competition, law of the jungle, that sort of thing.
Re: (Score:2)
Re: (Score:2)
Hospitals do get hit. Criminals don't give a fuck.
Where I come from, hospitals are a public good though. In the USA they seem to be largely there just to service the healthcare needs of the super rich? Much like the US legal system etc. If you don't have enough money, don't you just get left by the side of the road by the ambulance crew?
Re: (Score:2)
Re: (Score:3)
https://www.theguardian.com/us... [theguardian.com]
"$100 million"? riiiiiiight (Score:3)
As if they didn't pull "$100 million" out of their ass.
Re: (Score:2)
I wonder if it was an insured loss. Presumably not, since if they were insured then the insurance company would have insisted on better security to avoid a $100,000,000 payout.
Re: (Score:1)
parking fees, resort fees, WiFi raping, exorbitant fees they charge for basic services, huge markups on food and drinks, and however they fence what they steal out of rooms during "safety checks."
As someone who has spent a lot of time in vegas, this is surprisingly accurate.
Re: (Score:2)
parking fees, resort fees, WiFi raping, exorbitant fees they charge for basic services, huge markups on food and drinks, and however they fence what they steal out of rooms during "safety checks."
As someone who has spent a lot of time in vegas, this is surprisingly accurate.
And this is why it's not a cheap holiday destination any more.
Also it's seriously family friendly now. Vegas is now for people who have no sense of adventure to brag to other boring people about "what happens in Vegas" because absolutely nothing happened to them. The kind of people who go on cruises.
If I were into gambling I might check out Reno, but I'm not. So if I'm going to spend stupid money on a holiday I may as well go to a city I like, such as San Francisco or one I've never been to before lik
Re: (Score:1)
Nothing was actually lost. It was just a change to their future occupancy projections.
Re: (Score:3)
If the slot machines weren't working at several locations for several days, that is lost revenue. They can do a rough estimate based on historical data.
If their hotel booking was down for several days, that is lost revenue. They can do a rough estimate based on historical data OR the number of failed of attempts to book a room.
On the IT side, how many man hours at what rate was involved to figure out what was going on, how to mitigate it
Re: (Score:2)
That's just off the top of my head. Saying they'll take a $100 million hit to profits is perfectly reasonable for an organization that size.
Slot machines down for several days, booking down, IT costs... sure, it's lost revenue, and sure, it'll add up to quite a lot. All those factors combined and the total comes out to $100,000,000? Sure, and I actually had exactly $12,950 in deductions on my taxes too (the standard deduction), and the car my friend gifted me was worth $16,000.
Casino owner (Score:2)
gets a taste of what it feels like to get swindled.
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
MGM isn't swindling anybody. MGM is dealing at scales that mean they can rely on straight up statistics to run their business. The odds are available to anybody interested in looking for them. There may be some smaller players that still engage in shady behaviours, but the larger you get the more you simply work within the math.
Re: (Score:2)
Re: (Score:2)
A crack dealer that isn't cutting the product is not swindling anybody. Crack dealers who swindle their clients get shot.
Disapproving of something doesn't make it dishonest. By your definition, every french patisserie is swindling their fat, diabetic clients.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I don't think you understand what the word "swindle" means. It involves deception or fraud.
The pastry chef is offering fat and sugar. There's no subterfuge. It's straight up transactional - as is MGM's behaviour.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
All you've done is push the argument away from the fact that the complaint is about "swindle", and you've made it esoteric enough to be useless to continue.
You... win?
Re: (Score:2)
Okay (Score:2)
So now you take that lesson home and spend $100,000,000 more on IT security over the next 10 years?
Re: (Score:3)
Re: (Score:2)
250k or 1.5M is pocket change compared to this clusterfuck here [reuters.com]. Sometimes people really are that stupid.
Re: (Score:2)
The concept of Las Vegas re-examined (Score:2)
Solution: Casinos
In a burning world, people fly out there, run AC nonstop for the thrill of a bit of gambling - giving your money away
All casinos should be paying a global warming tax.
Re: (Score:2)
All casinos should be paying a global warming tax.
All everyone and everything should be paying a carbon tax. That's the only way to get money behind decarbonization under capitalism.
Translations (Score:1)
MGM has declined to comment on whether it was asked for or paid any ransom.
MGM don't know if some fuckup caved and gave in but then the hackers decided "lol, it was never about the money" and decided to fuck MGM anyway.
The private data of customers who used MGM services before March 2019, including contact information, gender, date of birth and driver's license numbers, was breached, the company said.
MGM has taken the opportunity to declare declare secure information bankruptcy: any incompetence or employee corruption in processes leading to loss of private information will be blamed on the hack as part of dynamic ass-covering. Going forward MGM are excited to have this scapegoat and investors should feel confident that fuckups before this date can no longer be
My heart bleeds (Score:3)
Classical case of "save a million, lose 100 million", or in other words, greedy stupid management. They brought this on themselves.
Meh, they'll write it off their taxes (Score:2)
One of the cool things about being rich is that you tie your wealth up into properties and when they lose money you get to take those losses and spread them out across them over years.
Imagine if you could tell the IRS "I only made $3.25/hr back in the 90s but I make $50/hr now, so I'm gonna book those losses now and only pay taxes like I earn $3.25/hr". That is how a mega corp do.
Re: (Score:2)
Yep, probably. Which is why we need people to go to prison for negligence this gross.
Re: (Score:2)
They would just jail the IT worker though.
The MGM Resorts Attack: Initial Analysis (Score:5, Informative)
Re: (Score:2)
Black Swan by NN Taleb (Score:1)
Had a lot to say about Vegas casinos, very little of it good. They're a classic (negative) Black Swan business, in that their four greatest losses were due to unpredictable Black Swan events and had nothing to do with cheating, which they've over-defended against in classic Mediocristan (read the book) logic. This hack is definitely the fifth major loss and also a Black Swan.
Re: (Score:2)
You will pay for security (Score:2)
One way or another.
Either for having it or for not having it. Having it is usually cheaper in the long run.
Teens vs. Mobsters (Score:2)
Boy I wouldn't want to be those nineteen year olds.
$100 million in what, now? (Score:2)
Let's just put that all in perspective... while I obviously don't condone what the hackers did, that "lost profit" figure -- assuming that we take at face value that it's a genuine figure -- is really just $100 million of money that casinos didn't get to bilk out of their vast customer base... a disproportionate number of whom are gambling addicts who are constantly struggling with their finances.
So, you know... I'm not so sure I can find it in my heart to feel sorry for MGM, here.
One-time cost of $10 million (Score:2)