Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Businesses Security

MGM Says Computer Hack Will Cost It $100 Million In Lost Profit (reuters.com) 59

An anonymous reader quotes a report from Reuters: MGM Resorts International said on Thursday a cyberattack last month that disrupted its operations would cause a $100 million hit to its third-quarter results, as it works to restore its systems. One of the world's largest gambling firms, MGM shut down its systems after detecting the attack to contain damage, it said. It expects to also incur less than $10 million as a related one-time cost in the quarter ended on Sept. 30. After the attack last month, customers posted social media images showing slot machines with error messages and queues at hotels in Las Vegas.

A hacking group named AlphV claimed it was involved in the breach. Sources earlier told Reuters AlphV worked with another outfit named Scattered Spider to break into MGM systems and steal data to hold for extortion. MGM has declined to comment on whether it was asked for or paid any ransom. The private data of customers who used MGM services before March 2019, including contact information, gender, date of birth and driver's license numbers, was breached, the company said. "We also believe a more limited number of Social Security numbers and passport numbers were obtained," it said. "We have no evidence that the criminal actors have used this data to commit identity theft or account fraud." [...]

The company expects the breach will have a negative impact of about $100 million to its adjusted property core profit for its Las Vegas Strip division, and expects total occupancy of 93% this October versus 94% in the same month a year ago. "Virtually all of the Company's guest-facing systems have been restored," it said, adding that it expects no impact on its full-year results from the breach. MGM said it is "well-positioned" to have a strong fourth quarter with record results in November, driven mainly by a Formula One racing event slated to take place in Las Vegas.

This discussion has been archived. No new comments can be posted.

MGM Says Computer Hack Will Cost It $100 Million In Lost Profit

Comments Filter:
  • Glad they hit them (Score:4, Insightful)

    by nospam007 ( 722110 ) * on Friday October 06, 2023 @08:09AM (#63905561)

    Instead of hospitals.

    • Hospitals do get hit. Criminals don't give a fuck.
      • There was a time when hospitals were considered off limits by the criminal/hacking world. Not any more.
        • by lrichardson ( 220639 ) on Friday October 06, 2023 @11:03AM (#63906081) Homepage

          Top 3 healthcare networks in the US:

          Kaiser Permanente - CEO Greg Adams, 2022 pay $17.3 Million USD

          Anthem/Elevance Health (name change last year) - CEO Gail Boudreaux, 2022 pay $15.5 Million USD

          HCSC - CEO Maurice Smith, 2022 pay $22.1 Million USD

          ...

          Nah, the criminals have pretty much taken over the hospitals and healthcare system. Hacking them is just turf warfare between the gangs.

          • Keep in mind these are ransom attacks: A targeted hospital's function is threatened, which means the patients in it are threatened too. To be on the level of these groups, a corporate executive would have to show up in already-admitted patient rooms and threaten to throw them out unless they paid more than previously agreed.
            • " To be on the level of these groups, a corporate executive would have to show up in already-admitted patient rooms and threaten to throw them out unless they paid more than previously agreed."

              I think it's also reasonable to count denied necessary treatment in that. Why would only reactive evil count, not proactive?

              • " To be on the level of these groups, a corporate executive would have to show up in already-admitted patient rooms and threaten to throw them out unless they paid more than previously agreed."

                I think it's also reasonable to count denied necessary treatment in that. Why would only reactive evil count, not proactive?

                I always assumed that, in the USA, if you don't have health insurance or enough cash, the ambulance crew would just leave you by the side of the road to die.

                • Comment removed based on user account deletion
                • I always assumed that, in the USA, if you don't have health insurance or enough cash, the ambulance crew would just leave you by the side of the road to die.

                  Yup, that's more or less it. The primary goal of Healthcare in the USA is stockholder returns, not health. If we can't make money off you anymore, it's time for you to die. You know, survival of the fittest, capitalist competition, law of the jungle, that sort of thing.

              • I agree on an emotional level, but where does the money come from to treat everyone if the government won't fund them? Cut executive salaries down to something conscionable and all you'd get is a few months of free triage care before a hospital folds. Remember that they have equipment and pharma suppliers that are also for-profit companies run by sons of bitches.
      • Hospitals do get hit. Criminals don't give a fuck.

        Where I come from, hospitals are a public good though. In the USA they seem to be largely there just to service the healthcare needs of the super rich? Much like the US legal system etc. If you don't have enough money, don't you just get left by the side of the road by the ambulance crew?

        • Results vary from state to state, and in high-population places it can vary county and county. There are good programs here and there, but nothing too comprehensive. Sometimes the issue is lack of care, but the more common one is people bankrupted after receiving care.
  • by unrtst ( 777550 ) on Friday October 06, 2023 @08:20AM (#63905595)

    As if they didn't pull "$100 million" out of their ass.

    • by AmiMoJo ( 196126 )

      I wonder if it was an insured loss. Presumably not, since if they were insured then the insurance company would have insisted on better security to avoid a $100,000,000 payout.

    • Nothing was actually lost. It was just a change to their future occupancy projections.

    • As if they didn't pull "$100 million" out of their ass.

      If the slot machines weren't working at several locations for several days, that is lost revenue. They can do a rough estimate based on historical data.

      If their hotel booking was down for several days, that is lost revenue. They can do a rough estimate based on historical data OR the number of failed of attempts to book a room.

      On the IT side, how many man hours at what rate was involved to figure out what was going on, how to mitigate it
      • by unrtst ( 777550 )

        That's just off the top of my head. Saying they'll take a $100 million hit to profits is perfectly reasonable for an organization that size.

        Slot machines down for several days, booking down, IT costs... sure, it's lost revenue, and sure, it'll add up to quite a lot. All those factors combined and the total comes out to $100,000,000? Sure, and I actually had exactly $12,950 in deductions on my taxes too (the standard deduction), and the car my friend gifted me was worth $16,000.

  • gets a taste of what it feels like to get swindled.

    • The Hackers are about to learn why you never double-cross the Mafia.
    • MGM isn't swindling anybody. MGM is dealing at scales that mean they can rely on straight up statistics to run their business. The odds are available to anybody interested in looking for them. There may be some smaller players that still engage in shady behaviours, but the larger you get the more you simply work within the math.

      • Comment removed based on user account deletion
      • by kmoser ( 1469707 )
        They're doing what their customers have been doing: gambling. Specifically, MGM gambled that they were putting enough money into computer security, but unfortunately they lost that bet. In other words, had they spent more money (but significantly less than $100 million) on security, they could have prevented this.
  • by Barny ( 103770 )

    So now you take that lesson home and spend $100,000,000 more on IT security over the next 10 years?

  • The smart people of Las Vegas wondered how can we get people to go to a desert in the middle of no where?
    Solution: Casinos
    In a burning world, people fly out there, run AC nonstop for the thrill of a bit of gambling - giving your money away
    All casinos should be paying a global warming tax.
    • All casinos should be paying a global warming tax.

      All everyone and everything should be paying a carbon tax. That's the only way to get money behind decarbonization under capitalism.

  • MGM has declined to comment on whether it was asked for or paid any ransom.

    MGM don't know if some fuckup caved and gave in but then the hackers decided "lol, it was never about the money" and decided to fuck MGM anyway.

    The private data of customers who used MGM services before March 2019, including contact information, gender, date of birth and driver's license numbers, was breached, the company said.

    MGM has taken the opportunity to declare declare secure information bankruptcy: any incompetence or employee corruption in processes leading to loss of private information will be blamed on the hack as part of dynamic ass-covering. Going forward MGM are excited to have this scapegoat and investors should feel confident that fuckups before this date can no longer be

  • by gweihir ( 88907 ) on Friday October 06, 2023 @09:49AM (#63905853)

    Classical case of "save a million, lose 100 million", or in other words, greedy stupid management. They brought this on themselves.

    • for the next 20 years.

      One of the cool things about being rich is that you tie your wealth up into properties and when they lose money you get to take those losses and spread them out across them over years.

      Imagine if you could tell the IRS "I only made $3.25/hr back in the 90s but I make $50/hr now, so I'm gonna book those losses now and only pay taxes like I earn $3.25/hr". That is how a mega corp do.
  • Comment removed based on user account deletion
  • Had a lot to say about Vegas casinos, very little of it good. They're a classic (negative) Black Swan business, in that their four greatest losses were due to unpredictable Black Swan events and had nothing to do with cheating, which they've over-defended against in classic Mediocristan (read the book) logic. This hack is definitely the fifth major loss and also a Black Swan.

  • Comment removed based on user account deletion
  • One way or another.

    Either for having it or for not having it. Having it is usually cheaper in the long run.

  • Boy I wouldn't want to be those nineteen year olds.

  • Let's just put that all in perspective... while I obviously don't condone what the hackers did, that "lost profit" figure -- assuming that we take at face value that it's a genuine figure -- is really just $100 million of money that casinos didn't get to bilk out of their vast customer base... a disproportionate number of whom are gambling addicts who are constantly struggling with their finances.

    So, you know... I'm not so sure I can find it in my heart to feel sorry for MGM, here.

  • i.e. we paid the ransom.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...