MGM Resorts International said it was the victim of a malicious cyberattack in 2020 that cost the company an estimated $100 million in losses.
The multinational hospitality and entertainment company, based in Las Vegas, revealed the attack in a statement after journalists at Bloomberg reported on the breach.
The news of the attack comes less than three weeks after MGM reported profits of $1.4 billion in fiscal 2020.
MGM said the hackers accessed the information of up to 10.6 million guests who stayed at its Las Vegas properties between the dates of March 24 and June 10, 2020, and possibly before. That included names, mailing addresses, phone numbers, and email addresses, but not birthdates, Social Security numbers or driver’s license numbers. It’s unclear if payment card information was accessed.
The company said it has been working with third-party digital forensics experts to investigate the data breach and initiated a corporatewide network security enhancement program. MGM said it was taking additional steps to ensure its security and protect its customers. They include providing fraud and credit monitoring services to customers, enhanced employee training, and updating its IT systems and security protocols.