Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.

Total Financial Loss: The total financial loss from these incidents is estimated to be $300 million.

Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with identity theft protection services offered, and incident response plan activated with likely (for mgm and caesars, given public disclosure), and third party assistance with stealth iss group (cybersecurity consulting mentioned), and law enforcement notified with yes (17-year-old hacker arrested; case in juvenile court), and communication strategy with limited (some breaches never made the news), and and third party assistance with ir retainers, third party assistance with forensics teams, third party assistance with third-party monitoring, and containment measures with network isolation, containment measures with edr uplift, containment measures with ai-driven triage, and remediation measures with security rebuild, remediation measures with audit controls, remediation measures with tooling refresh, and recovery measures with data review/ediscovery, recovery measures with system restore, and communication strategy with sec-mandated disclosure (4 business days), communication strategy with customer notification, communication strategy with call center support, and enhanced monitoring with post-breach audits, enhanced monitoring with continuous threat detection..

Common Attack Types: The most common types of attacks the company has faced is Ransomware.

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing, VishingSIM-swappingMFA Fatigue Attacks, Gaming SitesSwatting, Social Engineering, Phishing, social engineering (voice cloning, deepfakes)exploiting publicly available data (e.g., YouTube videos)cloud misconfigurations and PhishingCredential TheftPrivilege Misuse.

Average Financial Loss: The average financial loss per incident is $42.86 million.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, , Personal Information, Potentially Financial Data, Employee Records, , Customer Records, Pii, High-Value Target Data and .

Incident Response Plan: The company's incident response plan is described as Likely (for MGM and Caesars, given public disclosure), .

Third-Party Assistance: The company involves third-party assistance in incident response through Stealth ISS Group (cybersecurity consulting mentioned), IR Retainers, Forensics Teams, Third-Party Monitoring, .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identity theft protection services offered, , Security Rebuild, Audit Controls, Tooling Refresh, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by network isolation, edr uplift, ai-driven triage and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Data Review/eDiscovery, System Restore, .

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Ongoing (17-year-old hacker's case in court), Class Actions, Agency Settlements, .

Key Lessons Learned: The key lessons learned from past incidents are The incident highlights the need for comprehensive identity governance, advanced behavioral analytics, and security architectures that assume compromise rather than attempting to prevent all intrusions.AI tools lower the barrier for cyberattacks, enabling faster and more sophisticated breaches (e.g., voice cloning, deepfakes).,Social engineering remains a critical vulnerability, especially with publicly available data (e.g., YouTube videos).,Cloud storage does not guarantee security and may introduce additional risks if not properly managed.,Adversarial nations are systematically training young hackers for cyber espionage against U.S. targets.,Password hygiene (e.g., changing passwords every 6 months) is essential but insufficient alone to prevent breaches.Faster detection/containment reduces costs significantly (2025’s 9% global decline).,Identity controls (MFA, SSO hardening) mitigate most breaches (DBIR 2025).,Ransomware recovery costs exceed ransom payments; budget for recovery over paying.,SEC rules shorten response windows, increasing legal/operational pressure.,Data minimization and retention hygiene reduce per-record costs.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure and and improve cloud security measures..

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: SEC Filing, and Source: SOSIntelligence, and Source: FBI, and Source: Maine Office of the Attorney GeneralDate Accessed: 2022-12-21, and Source: Cybersecurity Reports, and Source: News 3 Las Vegas, and Source: Stealth ISS Group (Dasha Davies, President & CISO), and Source: IBM Cost of a Data Breach Report 2025, and Source: Verizon Data Breach Investigations Report (DBIR) 2025, and Source: Coveware/Chainalysis Ransomware Trend Trackers.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Limited (some breaches never made the news), Sec-Mandated Disclosure (4 Business Days), Customer Notification and Call Center Support.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Limited (some breaches not publicly disclosed), Sec-Mandated Disclosures, Board Communications, Regulatory Reporting, Notification Letters, Credit Monitoring Services, Call Center Support and .

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Stealth ISS Group (cybersecurity consulting mentioned), Ir Retainers, Forensics Teams, Third-Party Monitoring, , Post-Breach Audits, Continuous Threat Detection, .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics., Transition Critical Data From Cloud To Local Storage With Enhanced Security., Deploy Advanced Threat Detection For Ai-Generated Attacks (E.G., Voice/Deepfake Detection)., Strengthen Password Policies And Enforce Mfa Across All Systems., Collaborate With Law Enforcement And Cybersecurity Firms (E.G., Stealth Iss Group) For Proactive Defense., , Implement Ai-Governed Detection/Automation., Hardening Mfa/Sso And Session Controls., Reduce Mean Time To Identify/Contain (Target <200 Days)., Conduct Disclosure Tabletop Exercises For Sec Compliance., Refresh Security Tooling And Audit Controls Post-Incident., .

Ransom Payment History: The company has Paid ransoms in the past.

Last Attacking Group: The attacking group in the last incident were an ALPHV, SCATTERED SPIDER, The Com, Scattered Spider (UNC3944, Octo Tempest, 0ktapus, Muddled Libra, Scatter Swine), 17-year-old hacker from Illinois (arrested)state-sponsored hackers (China, Russia, North Korea implied)young hackers (as young as 13–14 and trained in cyber academies).

Most Recent Incident Detected: The most recent incident detected was on 2022-11-28.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-12-21.

Highest Financial Loss: The highest financial loss from an incident was {'global_avg': '4.44 million USD', 'us_avg': '10.22 million USD', 'healthcare_avg': '7.42 million USD', 'per_record_cost': '130–230 USD (planning band)', 'example_estimate': '35.55 million USD (200k records)'}.

Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, , personal information, potentially payment data, employee/customer records and .

Most Significant System Affected: The most significant system affected in an incident was WebsiteSmartphone AppsElectronic PaymentsDigital Key CardsSlot MachinesATMsPaid Parking Systems and OktaActive DirectoryAzure AD and .

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Stealth ISS Group (cybersecurity consulting mentioned), ir retainers, forensics teams, third-party monitoring, .

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Network IsolationEDR UpliftAI-Driven Triage.

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were personal information, Social Security numbers, employee/customer records and potentially payment data.

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 200.5K.

Highest Ransom Paid: The highest ransom paid in a ransomware incident was {'payment_rate': '~23% (2025 low)', 'trend': 'Declining (Fewer Organizations Paying)'}.

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Ongoing (17-year-old hacker's case in court), Class Actions, Agency Settlements, .

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Data minimization and retention hygiene reduce per-record costs.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Treat detection, IR runbooks, and customer communications as capital investments., Avoid storing critical data in the cloud; prefer local storage for sensitive information., Invest in AI-driven detection/automation (governed to avoid risk exposure)., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance)., Test response readiness with disclosure tabletop exercises., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Adopt data minimization strategies to lower per-record breach costs., Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure, and improve cloud security measures., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Prioritize identity-first security (phishing-resistant MFA, session controls)., Regularly update passwords and monitor for unauthorized access and assuming breaches are inevitable..

Most Recent Source: The most recent source of information about an incident are IBM Cost of a Data Breach Report 2025, Stealth ISS Group (Dasha Davies, President & CISO), SEC Filing, SOSIntelligence, Maine Office of the Attorney General, News 3 Las Vegas, FBI, Coveware/Chainalysis Ransomware Trend Trackers, Cybersecurity Reports and Verizon Data Breach Investigations Report (DBIR) 2025.

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was SEC-Mandated Disclosures, Board Communications, Regulatory Reporting, .

Most Recent Customer Advisory: The most recent customer advisory issued were an Limited (some breaches not publicly disclosed) and Notification LettersCredit Monitoring ServicesCall Center Support.

Most Recent Entry Point: The most recent entry point used by an initial access broker were an Social Engineering, Phishing and Phishing.

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Factors, Sophisticated social engineering, abuse of legitimate administrative tools, and targeting of virtualization infrastructure., Over-reliance on cloud storage without proper security controls.Lack of user awareness about AI-driven social engineering tactics.Insufficient protection for publicly available personal data (e.g., voice/video recordings).State-sponsored training of young hackers exacerbating the threat landscape., Slow Detection/Escalation (2024’s top cost driver)Weak Identity Controls (80%+ breaches involve credentials per DBIR)Ungoverned AI Systems (Increase Risk Exposure).

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics., Transition critical data from cloud to local storage with enhanced security.Deploy advanced threat detection for AI-generated attacks (e.g., voice/deepfake detection).Strengthen password policies and enforce MFA across all systems.Collaborate with law enforcement and cybersecurity firms (e.g., Stealth ISS Group) for proactive defense., Implement AI-governed detection/automation.Hardening MFA/SSO and session controls.Reduce mean time to identify/contain (target <200 days).Conduct disclosure tabletop exercises for SEC compliance.Refresh security tooling and audit controls post-incident..