LAS VEGAS (KTNV) — New financial filings and MGM leadership statements reveal more about the full scope of the September 12 cyberattack on company assets.
MGM Resorts CEO Bill Hornbuckle released a statement Thursday detailing which information was, or was not, stolen during the company's "cyber incident" in September.
Hackers hit the MGM Resorts company last month, impacting properties and customers across the country.
In an SEC filing released October 5, MGM estimates "a negative impact from the cybersecurity issue in September of approximately $100 million to Adjusted Property EBITDAR for the Las Vegas Strip Resorts and Regional Operations, collectively."
While company officials believe their cybersecurity insurance will cover most of the impact, exact figures are still unknown.
Hornbuckle talked about the attack's client impact in Thursday's statement, saying no customer bank account numbers or payment card information details were compromised.
However, he did admit that the following pieces of information from some customers who transacted through the company prior to March 2019 were compromised:
- Name
- Contact information
- Gender
- Date of birth
- Drivers license number
- Social Security Numbers
- Passport numbers
Hornbuckle said the SSN and passport information impacted a more limited number of people.
RELATED: Safeguarding against cybercrime can be complicated and costly, experts say
"We have no evidence that the criminal actors have used this data to commit identity theft or account fraud," said Hornbuckle.
To remedy the stolen information, the CEO revealed that MGM is rebuilding their IT systems and offering free identity protection and credit monitoring assistance. More on that here.
The financial report from MGM points specifically to F1 Las Vegas Grand Prix profits in predicting a total rebound to normal by the end of November.
Full statement from CEO Hornbuckle here.