Cyberattack troubles persist for MGM Resorts as regulatory bodies initiate investigations
In the heart of the gaming industry, MGM Resorts finds itself embroiled in a high-profile cybersecurity incident that occurred last year. The company was targeted in a social engineering attack linked to the Scattered Spider and AlphV/BlackCat ransomware groups, resulting in one of the most significant cyberattacks in the U.S.
The attack disrupted MGM operations significantly, causing over $100 million in financial losses. As of mid-2025, federal and state investigations into the incident have progressed, with the attack being attributed to Scattered Spider, a subgroup of the ALPHV/BlackCat ransomware gang.
Detailed forensic findings emerged in 2024, clarifying the attack vector and ransomware extortion tactics involving double-extortion (encrypting data plus stealing and threatening release). More than 142 million customer records stolen from MGM Resorts were leaked publicly on Telegram in August 2025, exposing sensitive personal information such as names, emails, postal addresses, and phone numbers.
In response to the breach, there is now an ongoing settlement program to compensate affected customers as part of class-action suits launched in 2025. Notably, the Department of Justice indicted individuals linked to Scattered Spider for phishing-related credential theft in November 2024.
MGM Resorts has a cyber resilience strategy in place, which includes quarterly reports from an audit committee, annual assessments from outside experts, and other resilience measures. However, the company warns it could face monetary fines and other actions as a result of the investigations.
During its fourth quarter conference call earlier this month, CFO Jonathan Halkyard mentioned that there were "lingering cyber incident challenges" impacting the regional properties. Officially, the Nevada Gaming Control Board, the Federal Trade Commission, and the Securities and Exchange Commission declined comment.
The attacks left many hotel guests locked out of rooms, disrupted casino operations, and temporarily impacted online reservations. The company disclosed this information in a 10-K filing with the Securities and Exchange Commission.
It is not clear whether MGM Resorts' cybersecurity insurance will be able to fully cover all related claims. The company operates more than 30 hotel and casino properties around the world, and the cyberattack has had a ripple effect, with Las Vegas bookings briefly impacted in October as some hotel guests cancelled reservations following the attack.
In a separate development, the SEC filed a civil suit against SolarWinds and its CISO in October, alleging the company failed to disclose known cybersecurity risks to investors. The FTC and SEC have ramped up investigations across industries to examine whether organisations have taken proper measures to protect customer data.
As the investigations continue, MGM Resorts remains committed to enhancing its cybersecurity measures to prevent future incidents and safeguard its customers' personal information.
- Despite MGM Resorts' implementation of a cyber resilience strategy and regular audits, the company is still facing potential fines and actions due to the 2024 ransomware attack by Scattered Spider, which affected more than 142 million customer records, disrupting hotel operations and online reservations.
- In the gaming and technology sector, cybersecurity remains a critical concern, with the FBI attributing the MGM Resorts' ransomware attack to a subgroup of the ALPHV/BlackCat ransomware gang, and the SEC filing a civil suit against SolarWinds for failing to disclose cybersecurity risks to investors.
- As a result of the cyberattack, MGM Resorts is not only grappling with financial losses worth over $100 million but also dealing with the fallout on its casino-and-gambling culture, including temporary disruptions in casino games and casino-culture experiences.
