MRI
Company Details
Linkedin ID:
mgm-resorts-international
Website:
Employees number:
26,151
Number of followers:
195,819
NAICS:
7211
Industry Type:
Homepage:
http://www.mgmresorts.com
IP Addresses:
0
Company ID:
MGM_1983035
Scan Status:
In-progress
MGM Resorts International Company CyberSecurity Posture
http://www.mgmresorts.com
The resorts and casinos of MGM Resorts International™ are some of the most famous in the world. Our 28 destinations are renowned for their winning combination of quality entertainment, luxurious facilities, and exceptional customer service. We are actively expanding our presence globally, with potential developments in a number of domestic and international markets. At MGM Resorts International, we are all striving together to deliver an enticing blend of entertainment to every corner of the world. Many of our resorts are located in Las Vegas. Las Vegas features three of the largest convention centers in the U.S., spectacular entertainment, attractions, shopping, and world-famous resorts. Whether dancing fountains, incredible stage productions, casino action, museums or natural attractions such as Lake Mead, Vegas offers something for everyone. A stroll down our streets takes you around the globe, with recreations like climbing to the top of the Eiffel Tower or taking a Venetian gondola ride. From shimmering resort pools and spa rejuvenation to nonstop nightlife, Las Vegas promises an unforgettable career destination. With all of our unique and spectacular resorts and casinos, MGM Resorts International has a world of opportunities for you to discover excitement and rewards as you provide our guests with a wonderful and memorable experience. Take a closer look at our properties. We think you'll find an opportunity that's right for you. The 81,000 global employees of MGM Resorts are proud to be recognized as one of FORTUNE® Magazine’s World’s Most Admired Companies®.
MGM Resorts International A.I CyberSecurity Scoring
MRI Risk Score (AI oriented)Between 0 and 549
MRI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MRI Global Score (TPRM)XXXX
MRI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MRI Company CyberSecurity News & History
Past Incidents
11
Attack Types
3
MGM Resorts International
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Maine Office of the Attorney General reported a data breach notification from MGM Resorts International on October 5, 2023. The breach occurred from September 8 to September 12, 2023, involving unauthorized access to personal information, including driver's license numbers. The total number of affected individuals is unknown, and identity theft protection services are being offered through Experian.
BetMGM, LLC
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Maine Office of the Attorney General reported a data breach involving BetMGM, LLC on December 21, 2022. The breach occurred between May 21 and May 23, 2022, potentially affecting 459 residents, with compromised information including Social Security numbers. An investigation began following the company discovering the issue on November 28, 2022, and identity theft protection services were offered.
MGM Resorts
Breach
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: The cybercriminal group Scattered Spider targeted MGM Resorts in a high-profile attack, resulting in the theft of approximately 6 terabytes of data and causing over $100 million in damages. The group's primary attack vector was social engineering, particularly through help desk impersonation. The stolen data and financial losses highlight the significant impact of the attack on the organization's reputation and financial stability.
MGM Resorts International
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Caesars Entertainment revealed in an SEC filing that the company had been the victim of a social engineering attack on an outsourced IT support vendor used by the company. The website and smartphone apps for the corporation have been down for almost a week. Weeks before the attack on MGM Resorts, Caesars was attacked. The attack severely disrupted MGM's operations, making check-in for visitors a lengthy process and rendering electronic payments, digital key cards, slot machines, ATMs, and paid parking systems useless. Known ransomware-as-a-service organizations seem to have targeted both businesses. ALPHV.
MGM Resorts International
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In 2022, MGM Resorts International suffered a major cyber attack orchestrated by a 17-year-old hacker from Illinois, exploiting AI-driven social engineering and advanced hacking techniques. The breach caused an estimated **$200 million in damages**, disrupting operations, compromising customer and employee data, and severely impacting the company’s reputation. The attack led to system outages, financial losses, and potential long-term trust erosion among clients. The hacker leveraged AI tools to bypass security protocols, demonstrating how emerging technologies enable even inexperienced criminals to execute high-impact cyberattacks. The incident also highlighted vulnerabilities in Las Vegas’s casino industry, a prime target due to the vast amounts of personal and financial data collected. The case remains under legal review, with authorities debating whether to prosecute the minor as an adult, underscoring the escalating sophistication and audacity of cyber threats in critical sectors like hospitality and gaming.
MGM Resorts
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: MGM Resorts has been the target of high-profile cyberattacks by a subgroup of The Com known as Scattered Spider. These attacks have led to significant data breaches, compromising sensitive customer information and causing financial losses. The group's sophisticated methods and diverse criminal activities, including ransomware, extortion, and cryptocurrency theft, have caused widespread concern in the retail, insurance, and airline industries.
MGM Resorts International
Ransomware
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: In late 2023, MGM Resorts International fell victim to a devastating cyberattack orchestrated by the hacking collective **Scattered Spider**, leveraging **BlackCat ransomware**. The attack, executed through sophisticated social engineering and network intrusions, resulted in the exfiltration of confidential data, followed by threats to leak the information and disrupt operations via DDoS attacks. The financial toll exceeded **$100 million** in damages, with Caesars Entertainment (another targeted casino operator) paying a **$15 million ransom** to mitigate the fallout. The breach severely disrupted MGM’s operations, including slot machines, hotel reservations, and digital payment systems, causing widespread outages and reputational harm. Authorities later linked a **17-year-old local suspect** to the attack, alleging his involvement in extorting **$1.8 million in Bitcoin**, which remains unrecovered. The incident underscored vulnerabilities in critical infrastructure, exposing how ransomware groups exploit human and technical weaknesses to cripple high-profile targets.
MGM Resorts International
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In 2023–2024, MGM Resorts suffered a **catastrophic cyber attack** attributed to the **Scattered Spider** hacking group (affiliated with ALPHV/BlackCat ransomware). The breach began with a **social engineering attack** targeting an employee via LinkedIn, leading to credential theft and unauthorized access to MGM’s IT systems. The attackers **encrypted over 100 ESXi hypervisors**, disrupting operations across multiple properties, including slot machines, hotel reservations, and digital key systems. The outage lasted **10 days**, causing **$100M+ in losses** from downtime, recovery, and reputational damage. While MGM refused to pay the ransom, the incident triggered **class-action lawsuits**, regulatory scrutiny, and long-term customer churn. The attack exposed vulnerabilities in **identity management** and third-party access controls, aligning with 2025 trends where **credential theft** and **phishing-resistant MFA gaps** dominate high-impact breaches. The financial and operational fallout underscored the **existential threat** posed by ransomware to large enterprises, particularly in hospitality and gaming sectors.
MGM Resorts International
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: MGM Resorts International suffered a ransomware attack in September 2023, significantly disrupting operations across its Las Vegas properties. The digital systems for managing casinos and hotels were incapacitated, preventing credit card transactions and forcing guests to seek alternative accommodations. Staff had to manually compute slot machine outcomes due to the systems' unavailability. Over 37 million customers and a trove of business information were affected, and hackers associated with the BlackCat/Alphv gang later claimed responsibility. The incident led to a substantial financial loss for the company, estimated at about $100 million, and triggered a sequence of class action lawsuits resulting in a $45 million settlement.
MGM Resorts
Ransomware
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: The cybercriminal group SCATTERED SPIDER executed a sophisticated phone-based social engineering attack on MGM Resorts, leading to widespread IT disruption across its casinos and hotels. The attackers, using their linguistic and cultural fluency, impersonated legitimate employees to bypass multi-factor authentication and gain initial access. This attack caused significant operational disruptions, affecting critical sectors including hospitality, and demonstrated the vulnerability of well-defended organizations to human-centric intrusion strategies.
MGM Resorts
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: Scattered Spider executed a sophisticated cyberattack on MGM Resorts, leveraging advanced social engineering and hypervisor-level ransomware tactics. The attack resulted in operational disruptions, financial losses exceeding $100 million, and significant reputational damage. The group exploited VMware vSphere environments, deployed DragonForce ransomware, and maintained persistent access despite active incident response efforts.
MRI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MRI
Incidents vs Hospitality Industry Average (This Year)
MGM Resorts International has 426.32% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
MGM Resorts International has 525.0% more incidents than the average of all companies with at least one recorded incident.
Incident Types MRI vs Hospitality Industry Avg (This Year)
MGM Resorts International reported 4 incidents this year: 1 cyber attacks, 2 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — MRI (X = Date, Y = Severity)
MRI cyber incidents detection timeline including parent company and subsidiaries
MRI Company Subsidiaries
The resorts and casinos of MGM Resorts International™ are some of the most famous in the world. Our 28 destinations are renowned for their winning combination of quality entertainment, luxurious facilities, and exceptional customer service. We are actively expanding our presence globally, with potential developments in a number of domestic and international markets. At MGM Resorts International, we are all striving together to deliver an enticing blend of entertainment to every corner of the world. Many of our resorts are located in Las Vegas. Las Vegas features three of the largest convention centers in the U.S., spectacular entertainment, attractions, shopping, and world-famous resorts. Whether dancing fountains, incredible stage productions, casino action, museums or natural attractions such as Lake Mead, Vegas offers something for everyone. A stroll down our streets takes you around the globe, with recreations like climbing to the top of the Eiffel Tower or taking a Venetian gondola ride. From shimmering resort pools and spa rejuvenation to nonstop nightlife, Las Vegas promises an unforgettable career destination. With all of our unique and spectacular resorts and casinos, MGM Resorts International has a world of opportunities for you to discover excitement and rewards as you provide our guests with a wonderful and memorable experience. Take a closer look at our properties. We think you'll find an opportunity that's right for you. The 81,000 global employees of MGM Resorts are proud to be recognized as one of FORTUNE® Magazine’s World’s Most Admired Companies®.
Loading...
MRI Similar Companies
Country Club
Country Club India Ltd is one of the fastest growing entertainment and leisure conglomerate in India. A Multi-Million dollar entity and a listed company on BSE (Bombay Stock Exchange), CCIL is a pioneer in the concept of family clubbing in the country. CCIL has established 205 properties of which 50
Kempinski Hotels
Founded in Germany in 1897, Kempinski Hotels has long reflected the finest traditions of European hospitality. Today, as ever, Kempinski is synonymous with distinctive luxury. Located in many of the world's most well-known cities and resorts, the Kempinski collection includes hotels in a grand mann
Radisson Hotel Group
Radisson Hotel Group is an international hotel group, operating in EMEA and APAC with over 1,320 hotels in operation and under development in +95 countries. The international hotel group is rapidly expanding with a plan to significantly grow the portfolio. The Group’s overarching brand promise is Ev
Landry's
Landry's is a multinational, diversified restaurant, hospitality, gaming, and entertainment leader based in Houston, Texas. The company operates more than 600 establishments around the world, including well-known concepts, such as Landry’s Seafood House, Bubba Gump Shrimp Co., Rainforest Cafe, Mo
We are Accor We are more than 290,000 hospitality experts placing people at the heart of what we do, creating emotion for our guests, and nurturing passion for service and achievement beyond limits. Building on the strength of our teams and of our fully integrated ecosystem of leading brands, perso
SJM Resorts
SJM Resorts, S.A. ("SJM") is one of the six concessionaires in Macau, authorised by the Government of the Macau Special Administrative Region to operate casinos and gaming areas. SJM is also the only casino gaming concessionaire with its roots in Macau. SJM owns and operates the Grand Lisboa Palace
DoubleTree by Hilton
DoubleTree by Hilton hotels are distinctively designed properties that provide true comfort to today’s business and leisure travelers. From the millions of delighted hotel guests who are welcomed with the brand’s legendary, warm chocolate chip cookies at check-in to the advantages of the award-winni
Hilton Grand Vacations is a global leader in vacation ownership, developing, marketing and operating a portfolio of high-quality, shared-ownership properties in highly desired vacation destinations. Our company also manages and operates innovative club membership programs providing exclusive exchang
Minor Hotels
Minor Hotels is a global hospitality leader with over 560 hotels and resorts across six continents, a diverse portfolio of F&B businesses and a selection of luxury transportation services. With over four decades of experience, we build stronger brands, foster lasting partnerships, and drive business
.png)
MRI CyberSecurity News
September 25, 2025 07:00 AM
MGM executive: Cybersecurity team offered to help Boyd after its attack
The chief technology officer at MGM Resorts International reached out to assist Boyd Gaming Corp. when it suffered a cyberattack publicly...
September 25, 2025 07:00 AM
MGM executive says cybersecurity team offered to help Boyd after attack
The chief technology officer at MGM Resorts International reached out to assist Boyd Gaming Corp. when it suffered a cyberattack publicly...
September 22, 2025 07:00 AM
Teen Hacker Linked to MGM, Caesars Security Breach Turns Himself In
A teenage male has been arrested for his alleged involvement in the high-profile 2023 cyberattacks on MGM Resorts and Caesars Entertainment.
September 22, 2025 07:00 AM
Teen Hacker Surrenders in Scattered Spider Ransomware Attacks on Vegas Casinos
In the glittering heart of Las Vegas, where fortunes are won and lost in an instant, a shadowy digital assault unfolded in 2023 that exposed...
September 21, 2025 07:00 AM
‘Sophisticated’ $100M cyberattack on Vegas Strip involved teen hacker
A male juvenile reportedly involved in a massive and “sophisticated” cyberattack on multiple Las Vegas casino properties, including MGM...
September 19, 2025 07:00 AM
Teen suspect in MGM, Caesars cyberattacks surrenders to Las Vegas authorities
A teenage suspect in the 2023 cyberattacks on MGM and Caesars, the biggest resort operators in Las Vegas, surrendered to authorities on...
September 17, 2025 07:00 AM
Why platform consolidation matters more than ever in cybersecurity
From casinos to cloud, enterprises face policy drift. Platform consolidation offers the blueprint for resilience, growth and regulatory...
April 30, 2025 07:00 AM
Zero trust everywhere: How MGM Resorts found agility and security
This article by Jay Chaudhry, CEO, Founder and Chairman, Zscaler was originally published on CIO.com. Despite massive cybersecurity...
March 24, 2025 07:00 AM
Here’s how to claim your share of the MGM data breach settlement
MGM Resorts International customers who believe their personal information was exposed in two data breaches that occurred in July 2019 and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MRI CyberSecurity History Information
Official Website of MGM Resorts International
The official website of MGM Resorts International is http://www.mgmresorts.com.
MGM Resorts International’s AI-Generated Cybersecurity Score
According to Rankiteo, MGM Resorts International’s AI-generated cybersecurity score is 100, reflecting their Critical security posture.
How many security badges does MGM Resorts International’ have ?
According to Rankiteo, MGM Resorts International currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does MGM Resorts International have SOC 2 Type 1 certification ?
According to Rankiteo, MGM Resorts International is not certified under SOC 2 Type 1.
Does MGM Resorts International have SOC 2 Type 2 certification ?
According to Rankiteo, MGM Resorts International does not hold a SOC 2 Type 2 certification.
Does MGM Resorts International comply with GDPR ?
According to Rankiteo, MGM Resorts International is not listed as GDPR compliant.
Does MGM Resorts International have PCI DSS certification ?
According to Rankiteo, MGM Resorts International does not currently maintain PCI DSS compliance.
Does MGM Resorts International comply with HIPAA ?
According to Rankiteo, MGM Resorts International is not compliant with HIPAA regulations.
Does MGM Resorts International have ISO 27001 certification ?
According to Rankiteo,MGM Resorts International is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of MGM Resorts International
MGM Resorts International operates primarily in the Hospitality industry.
Number of Employees at MGM Resorts International
MGM Resorts International employs approximately 26,151 people worldwide.
Subsidiaries Owned by MGM Resorts International
MGM Resorts International presently has no subsidiaries across any sectors.
MGM Resorts International’s LinkedIn Followers
MGM Resorts International’s official LinkedIn profile has approximately 195,819 followers.
NAICS Classification of MGM Resorts International
MGM Resorts International is classified under the NAICS code 7211, which corresponds to Traveler Accommodation.
MGM Resorts International’s Presence on Crunchbase
No, MGM Resorts International does not have a profile on Crunchbase.
MGM Resorts International’s Presence on LinkedIn
Yes, MGM Resorts International maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mgm-resorts-international.
Cybersecurity Incidents Involving MGM Resorts International
As of December 03, 2025, Rankiteo reports that MGM Resorts International has experienced 11 cybersecurity incidents.
Number of Peer and Competitor Companies
MGM Resorts International has an estimated 13,715 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at MGM Resorts International ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
What was the total financial impact of these incidents on MGM Resorts International ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $600 million.
How does MGM Resorts International detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian, and remediation measures with identity theft protection services offered, and incident response plan activated with likely (for mgm and caesars, given public disclosure), and third party assistance with stealth iss group (cybersecurity consulting mentioned), and law enforcement notified with yes (17-year-old hacker arrested; case in juvenile court), and communication strategy with limited (some breaches never made the news), and and and third party assistance with ir retainers, third party assistance with forensics teams, third party assistance with third-party monitoring, and containment measures with network isolation, containment measures with edr uplift, containment measures with ai-driven triage, and remediation measures with security rebuild, remediation measures with audit controls, remediation measures with tooling refresh, and recovery measures with data review/ediscovery, recovery measures with system restore, and communication strategy with sec-mandated disclosure (4 business days), communication strategy with customer notification, communication strategy with call center support, and enhanced monitoring with post-breach audits, enhanced monitoring with continuous threat detection..
Incident Details
Can you provide details on each incident ?
Title: Social Engineering Attack on Caesars Entertainment
Description: Caesars Entertainment revealed in an SEC filing that the company had been the victim of a social engineering attack on an outsourced IT support vendor used by the company. The website and smartphone apps for the corporation have been down for almost a week. Weeks before the attack on MGM Resorts, Caesars was attacked. The attack severely disrupted MGM's operations, making check-in for visitors a lengthy process and rendering electronic payments, digital key cards, slot machines, ATMs, and paid parking systems useless. Known ransomware-as-a-service organizations seem to have targeted both businesses. ALPHV.
Type: Social Engineering
Attack Vector: Phishing
Threat Actor: ALPHV
Motivation: Financial GainOperational Disruption
Title: MGM Resorts International Ransomware Attack
Description: MGM Resorts International suffered a ransomware attack in September 2023, significantly disrupting operations across its Las Vegas properties. The digital systems for managing casinos and hotels were incapacitated, preventing credit card transactions and forcing guests to seek alternative accommodations. Staff had to manually compute slot machine outcomes due to the systems' unavailability. Over 37 million customers and a trove of business information were affected, and hackers associated with the BlackCat/Alphv gang later claimed responsibility. The incident led to a substantial financial loss for the company, estimated at about $100 million, and triggered a sequence of class action lawsuits resulting in a $45 million settlement.
Date Detected: September 2023
Type: Ransomware Attack
Threat Actor: BlackCat/Alphv gang
Title: SCATTERED SPIDER Cyber Attack
Description: A sophisticated cybercriminal group known as SCATTERED SPIDER has emerged as one of the most dangerous threats facing organizations today, demonstrating an alarming ability to bypass multi-factor authentication through cunning social engineering tactics targeting IT support teams.
Type: Social Engineering, Ransomware
Attack Vector: Social EngineeringVishingSIM-swappingMFA Fatigue Attacks
Vulnerability Exploited: Human Factors
Threat Actor: SCATTERED SPIDER
Motivation: Financial
Title: Scattered Spider Attack on Large Enterprises
Description: The cybercriminal group known as Scattered Spider has significantly evolved its attack methodologies, demonstrating alarming sophistication in exploiting legitimate administrative tools to maintain persistent access to compromised networks. Also tracked under aliases including UNC3944, Scatter Swine, and Muddled Libra, this financially motivated threat actor has been actively targeting large enterprises since May 2022, with particular focus on telecommunications, cloud technology companies, and recently expanding into retail, finance, and airline sectors. The group’s primary attack vector remains social engineering, particularly through help desk impersonation where attackers pose as IT support staff to trick employees into revealing credentials or installing remote access software. This human-centric approach has proven devastatingly effective, as demonstrated by high-profile breaches including the MGM Resorts casino attack in 2023, which resulted in approximately 6 terabytes of stolen data and over $100 million in damages. The group’s operations typically culminate in data theft for extortion purposes, often collaborating with ransomware affiliates such as ALPHV/BlackCat and DragonForce.
Type: Data Theft, Extortion
Attack Vector: Social Engineering, Help Desk Impersonation
Threat Actor: Scattered Spider (also known as UNC3944, Scatter Swine, Muddled Libra)
Motivation: Financial
Title: FBI Warning on Cybercriminal Organization 'The Com'
Description: The FBI released a warning about a cybercriminal organization known as The Com, which is engaging in various cybercriminal activities including ransomware attacks, swatting, extortion, DDoS attacks, SIM swapping, and cryptocurrency theft.
Type: Cybercriminal Activity
Attack Vector: RansomwareSwattingExtortionDDoSSIM SwappingCryptocurrency Theft
Threat Actor: The Com
Motivation: Financial GainRetaliationIdeologySexual GratificationNotoriety
Title: MGM Resorts International Data Breach
Description: Unauthorized access to personal information, including driver's license numbers.
Date Detected: 2023-09-12
Date Publicly Disclosed: 2023-10-05
Type: Data Breach
Attack Vector: Unauthorized Access
Title: BetMGM Data Breach
Description: The Maine Office of the Attorney General reported a data breach involving BetMGM, LLC on December 21, 2022. The breach occurred between May 21 and May 23, 2022, potentially affecting 459 residents, with compromised information including Social Security numbers. An investigation began following the company discovering the issue on November 28, 2022, and identity theft protection services were offered.
Date Detected: 2022-11-28
Date Publicly Disclosed: 2022-12-21
Type: Data Breach
Title: Scattered Spider Cyber Attacks
Description: Scattered Spider, a sophisticated cybercriminal group, has evolved from basic phishing operations to complex multi-stage ransomware campaigns targeting critical infrastructure. The group has shifted to hypervisor-level attacks and adopted new ransomware variants, posing a significant threat to security professionals worldwide.
Type: Cyber Attack, Ransomware, Social Engineering
Attack Vector: Social Engineering, Phishing, SIM Swapping, Hypervisor-Level Attacks
Threat Actor: Scattered Spider (UNC3944, Octo Tempest, 0ktapus, Muddled Libra, Scatter Swine)
Motivation: Financial Gain
Title: AI-Powered Cyberattacks Targeting Las Vegas Businesses, Including MGM Resorts and Caesars Entertainment
Description: The advancement of artificial intelligence (AI) is enabling cybercriminals to exploit businesses more efficiently, particularly in Las Vegas, where personal data is a prime target. Hackers leverage AI tools for social engineering, voice cloning, and deepfake attacks to bypass security measures. Notable breaches include MGM Resorts International and Caesars Entertainment in 2021, resulting in $200 million in damages for MGM. A 17-year-old hacker from Illinois was arrested in connection with these attacks. Cybersecurity expert Dasha Davies warns that adversarial nations like China, Russia, and North Korea are training young hackers for cyber espionage. Businesses are advised to avoid cloud storage for critical data and update passwords regularly.
Type: cyber espionage
Attack Vector: AI-driven voice cloningdeepfake video/zoom callssocial engineeringexploitation of cloud vulnerabilitiesexploitation of publicly available personal data
Vulnerability Exploited: weak password policieslack of multi-factor authentication (MFA)cloud security misconfigurationspublicly exposed personal data (e.g., YouTube videos)insufficient user education on phishing/social engineering
Threat Actor: 17-year-old hacker from Illinois (arrested)state-sponsored hackers (China, Russia, North Korea implied)young hackers (as young as 13–14, trained in cyber academies)
Motivation: financial gaincyber espionagedata theft for black market salesdisruption of U.S. businesses
Title: 2023 Cyberattack on MGM Resorts and Caesars Entertainment by Scattered Spider
Description: Between August and October 2023, multiple casinos owned by MGM Resorts International and Caesars Entertainment were targeted in a massive cyberattack attributed to the hacking collective Scattered Spider. The attack, involving BlackCat ransomware and social engineering tactics, resulted in over $100 million in damages. Caesars Entertainment paid a $15 million ransom, while a 17-year-old suspect from Las Vegas, allegedly holding $1.8 million in ransomed Bitcoin, was recently released on bail to his parents. The group, composed primarily of English-speaking teens and young adults, executed sophisticated network intrusions, exfiltrating confidential data and threatening DDoS attacks.
Type: Cyberattack
Attack Vector: Social EngineeringRansomware (BlackCat)DDoS ThreatsData Exfiltration
Threat Actor: Scattered Spider
Motivation: Financial Gain
Title: 2025 Global Data Breach Cost Trends and Insights
Description: In 2025, the global average cost of a data breach declined to $4.44 million USD (down 9% year-over-year), while U.S. breaches averaged $10.22 million USD—a new high. Key drivers include faster detection/containment (mean time trending to ~200 days), reduced ransomware payment rates (~23%), and SEC disclosure rules compressing response timelines to 4 business days. Costs stem from direct expenses (IR, legal, fines) and hidden impacts (downtime, churn, premium hikes). Healthcare ($7.42M avg) and financial services remain high-risk industries. Prevention ROI emphasizes AI-driven detection, identity-first security (MFA, SSO hardening), and tested response workflows.
Type: Data Breach
Attack Vector: Credential TheftPhishingPrivilege MisuseSocial Engineering
Vulnerability Exploited: Weak Identity ControlsSlow Detection CapabilitiesUngoverned AI Systems
Motivation: Financial GainData ExfiltrationExtortion
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing, VishingSIM-swappingMFA Fatigue Attacks, Help Desk Impersonation, Gaming SitesSwatting, Social Engineering, Phishing, social engineering (voice cloning, deepfakes)exploiting publicly available data (e.g., YouTube videos)cloud misconfigurations and PhishingCredential TheftPrivilege Misuse.
Impact of the Incidents
What was the impact of each incident ?
Incident : Social Engineering MGM85317923
Systems Affected: WebsiteSmartphone AppsElectronic PaymentsDigital Key CardsSlot MachinesATMsPaid Parking Systems
Downtime: Almost a week
Operational Impact: Lengthy check-in processDisruption of electronic paymentsDisruption of digital key cardsDisruption of slot machinesDisruption of ATMsDisruption of paid parking systems
Incident : Ransomware Attack MGM906031025
Financial Loss: $100 million
Data Compromised: 37 million customers and business information
Systems Affected: Digital systems for managing casinos and hotels
Operational Impact: Significant disruption of operations
Legal Liabilities: $45 million settlement
Incident : Social Engineering, Ransomware MGM611060625
Systems Affected: OktaActive DirectoryAzure AD
Operational Impact: Widespread IT Disruption
Incident : Data Theft, Extortion MGM752070725
Financial Loss: Over $100 million
Data Compromised: Approximately 6 terabytes of data
Systems Affected: Amazon EC2 servers
Incident : Data Breach MGM647072525
Data Compromised: Driver's license numbers
Identity Theft Risk: High
Incident : Data Breach MGM851072625
Data Compromised: Social security numbers
Identity Theft Risk: High
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Financial Loss: $100 million (MGM Resorts attack)
Systems Affected: VMware vSphere, ESXi environments, Cloud storage environments
Operational Impact: Significant operational disruption
Incident : cyber espionage MGM0062100092525
Financial Loss: $200 million (MGM Resorts alone)
Data Compromised: Personal information, Potentially payment data, Employee/customer records
Operational Impact: Significant (e.g., MGM Resorts disruption)
Revenue Loss: $200 million (MGM Resorts)
Brand Reputation Impact: High (MGM and Caesars breaches publicly disclosed, unnamed breaches in insurance, healthcare, education, and manufacturing)
Legal Liabilities: Ongoing (17-year-old hacker facing juvenile/adult court proceedings)
Identity Theft Risk: High (personal data sold on black market)
Payment Information Risk: Likely (given targeting of casinos and businesses with financial data)
Incident : Cyberattack MGM2602026092725
Financial Loss: $100 million (combined damages)
Data Compromised: Confidential victim data (exfiltrated)
Brand Reputation Impact: High (publicized breach involving major casino brands)
Legal Liabilities: Ongoing (prosecution of 17-year-old suspect, potential adult trial)
Incident : Data Breach MGM3262132110325
Downtime: {'avg_trend': 'Low 200s of days (identification + containment)', 'example': '30 hours (partial downtime at $25k/hour)'}
Operational Impact: OutagesSlowdowns During Containment/RestoreCompliance Program Upgrades
Revenue Loss: ['Downtime ($0.75M in example)', 'Customer Churn', 'Higher Customer Acquisition Costs (CAC)']
Brand Reputation Impact: Trust ErosionHigher Cost to Win Back Trust
Legal Liabilities: Class Actions (e.g., MGM, T-Mobile cases)Regulatory FinesSEC Disclosure Costs
Identity Theft Risk: ['High (Per-Record Costs Escalate with PII Exposure)']
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $54.55 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Driver'S License Numbers, , Social Security Numbers, , Personal Information, Potentially Financial Data, Employee Records, , Confidential victim data, Customer Records, Pii, High-Value Target Data and .
Which entities were affected by each incident ?
Incident : Social Engineering MGM85317923
Entity Name: Caesars Entertainment
Entity Type: Corporation
Industry: Entertainment
Incident : Ransomware Attack MGM906031025
Entity Name: MGM Resorts International
Entity Type: Company
Industry: Hospitality
Location: Las Vegas
Customers Affected: 37 million
Incident : Social Engineering, Ransomware MGM611060625
Entity Name: MGM Resorts
Entity Type: Corporate
Industry: Hospitality
Location: United KingdomUnited States
Incident : Social Engineering, Ransomware MGM611060625
Entity Type: Corporate
Industry: Hospitality, Telecommunications, Finance, Retail
Location: United KingdomUnited States
Incident : Data Theft, Extortion MGM752070725
Entity Name: MGM Resorts
Entity Type: Casino
Industry: Hospitality
Incident : Data Breach MGM647072525
Entity Name: MGM Resorts International
Entity Type: Corporation
Industry: Hospitality
Incident : Data Breach MGM851072625
Entity Name: BetMGM, LLC
Entity Type: Company
Industry: Gambling
Customers Affected: 459
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Entity Name: MGM Resorts
Entity Type: Corporation
Industry: Hospitality
Location: United States
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Entity Name: Caesars Entertainment
Entity Type: Corporation
Industry: Hospitality
Location: United States
Incident : cyber espionage MGM0062100092525
Entity Name: MGM Resorts International
Entity Type: Hospitality/Casino
Industry: Gaming & Entertainment
Location: Las Vegas, Nevada, USA
Size: Large enterprise
Incident : cyber espionage MGM0062100092525
Entity Name: Caesars Entertainment
Entity Type: Hospitality/Casino
Industry: Gaming & Entertainment
Location: Las Vegas, Nevada, USA
Size: Large enterprise
Incident : cyber espionage MGM0062100092525
Entity Name: Unnamed clients in insurance, healthcare, education, and manufacturing
Entity Type: Insurance, Healthcare, Education, Manufacturing
Location: Las Vegas, Nevada, USA (implied)
Incident : Cyberattack MGM2602026092725
Entity Name: MGM Resorts International
Entity Type: Corporation
Industry: Hospitality/Gaming
Location: Las Vegas, Nevada, USA
Incident : Cyberattack MGM2602026092725
Entity Name: Caesars Entertainment
Entity Type: Corporation
Industry: Hospitality/Gaming
Location: Las Vegas, Nevada, USA
Incident : Data Breach MGM3262132110325
Entity Type: Public Companies (SEC-regulated), Healthcare Organizations, Financial Services Firms
Industry: Healthcare, Financial Services, Technology, Retail
Location: United States (Highest Cost Region)Global
Customers Affected: Example: 200,000 records
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cybercriminal Activity MGM344072525
Incident : Data Breach MGM647072525
Third Party Assistance: Experian.
Incident : Data Breach MGM851072625
Remediation Measures: Identity theft protection services offered
Incident : cyber espionage MGM0062100092525
Incident Response Plan Activated: Likely (for MGM and Caesars, given public disclosure)
Third Party Assistance: Stealth ISS Group (cybersecurity consulting mentioned)
Law Enforcement Notified: Yes (17-year-old hacker arrested; case in juvenile court)
Communication Strategy: Limited (some breaches never made the news)
Incident : Cyberattack MGM2602026092725
Incident : Data Breach MGM3262132110325
Incident Response Plan Activated: True
Third Party Assistance: Ir Retainers, Forensics Teams, Third-Party Monitoring.
Containment Measures: Network IsolationEDR UpliftAI-Driven Triage
Remediation Measures: Security RebuildAudit ControlsTooling Refresh
Recovery Measures: Data Review/eDiscoverySystem Restore
Communication Strategy: SEC-Mandated Disclosure (4 business days)Customer NotificationCall Center Support
Enhanced Monitoring: Post-Breach AuditsContinuous Threat Detection
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Likely (for MGM and Caesars, given public disclosure), .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian, , Stealth ISS Group (cybersecurity consulting mentioned), IR Retainers, Forensics Teams, Third-Party Monitoring, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack MGM906031025
Number of Records Exposed: 37 million
Incident : Data Theft, Extortion MGM752070725
Incident : Data Breach MGM647072525
Type of Data Compromised: Driver's license numbers
Sensitivity of Data: High
Incident : Data Breach MGM851072625
Type of Data Compromised: Social security numbers
Number of Records Exposed: 459
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Data Exfiltration: Yes
Data Encryption: Yes
Incident : cyber espionage MGM0062100092525
Type of Data Compromised: Personal information, Potentially financial data, Employee records
Sensitivity of Data: High (personal data sold on black market)
Data Exfiltration: Likely (data sold on dark web implied)
Personally Identifiable Information: Yes (voice recordings, videos, personal details)
Incident : Cyberattack MGM2602026092725
Type of Data Compromised: Confidential victim data
Sensitivity of Data: High
Data Encryption: True
Incident : Data Breach MGM3262132110325
Type of Data Compromised: Customer records, Pii, High-value target data
Number of Records Exposed: Example: 200,000
Sensitivity of Data: High (Healthcare/Financial)Moderate (Retail/Tech)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identity theft protection services offered, , Security Rebuild, Audit Controls, Tooling Refresh, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by network isolation, edr uplift, ai-driven triage and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Social Engineering MGM85317923
Ransomware Strain: ALPHV
Incident : Social Engineering, Ransomware MGM611060625
Ransomware Strain: DragonForce
Incident : Data Theft, Extortion MGM752070725
Ransomware Strain: ALPHV/BlackCatDragonForce
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Ransomware Strain: DragonForce
Data Encryption: Yes
Data Exfiltration: Yes
Incident : cyber espionage MGM0062100092525
Data Exfiltration: Likely (given $200M damage and data theft focus)
Incident : Cyberattack MGM2602026092725
Ransom Demanded: $15 million (paid by Caesars Entertainment)
Ransom Paid: $15 million (by Caesars)
Ransomware Strain: BlackCat (ALPHV)
Data Encryption: True
Data Exfiltration: True
Incident : Data Breach MGM3262132110325
Ransom Paid: payment_rate: ~23% (2025 low), trend: Declining (Fewer Organizations Paying),
Data Encryption: True
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Data Review/eDiscovery, System Restore, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Ransomware Attack MGM906031025
Legal Actions: Class action lawsuits
Incident : cyber espionage MGM0062100092525
Legal Actions: Ongoing (17-year-old hacker's case in court)
Incident : Cyberattack MGM2602026092725
Legal Actions: Ongoing prosecution of 17-year-old suspect; potential adult trial for extortion/conspiracy
Incident : Data Breach MGM3262132110325
Regulations Violated: SEC Disclosure Rules (4-day window), Data Protection Laws (e.g., GDPR, HIPAA),
Legal Actions: Class Actions, Agency Settlements,
Regulatory Notifications: Mandatory Disclosure to SEC (Public Companies)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuits, Ongoing (17-year-old hacker's case in court), Ongoing prosecution of 17-year-old suspect; potential adult trial for extortion/conspiracy, Class Actions, Agency Settlements, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Lessons Learned: The incident highlights the need for comprehensive identity governance, advanced behavioral analytics, and security architectures that assume compromise rather than attempting to prevent all intrusions.
Incident : cyber espionage MGM0062100092525
Lessons Learned: AI tools lower the barrier for cyberattacks, enabling faster and more sophisticated breaches (e.g., voice cloning, deepfakes)., Social engineering remains a critical vulnerability, especially with publicly available data (e.g., YouTube videos)., Cloud storage does not guarantee security and may introduce additional risks if not properly managed., Adversarial nations are systematically training young hackers for cyber espionage against U.S. targets., Password hygiene (e.g., changing passwords every 6 months) is essential but insufficient alone to prevent breaches.
Incident : Data Breach MGM3262132110325
Lessons Learned: Faster detection/containment reduces costs significantly (2025’s 9% global decline)., Identity controls (MFA, SSO hardening) mitigate most breaches (DBIR 2025)., Ransomware recovery costs exceed ransom payments; budget for recovery over paying., SEC rules shorten response windows, increasing legal/operational pressure., Data minimization and retention hygiene reduce per-record costs.
What recommendations were made to prevent future incidents ?
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Recommendations: Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure, and improve cloud security measures.
Incident : cyber espionage MGM0062100092525
Recommendations: Avoid storing critical data in the cloud; prefer local storage for sensitive information., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance).Avoid storing critical data in the cloud; prefer local storage for sensitive information., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance).Avoid storing critical data in the cloud; prefer local storage for sensitive information., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance).Avoid storing critical data in the cloud; prefer local storage for sensitive information., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance).Avoid storing critical data in the cloud; prefer local storage for sensitive information., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance).Avoid storing critical data in the cloud; prefer local storage for sensitive information., Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance).
Incident : Data Breach MGM3262132110325
Recommendations: Invest in AI-driven detection/automation (governed to avoid risk exposure)., Prioritize identity-first security (phishing-resistant MFA, session controls)., Test response readiness with disclosure tabletop exercises., Treat detection, IR runbooks, and customer communications as capital investments., Adopt data minimization strategies to lower per-record breach costs.Invest in AI-driven detection/automation (governed to avoid risk exposure)., Prioritize identity-first security (phishing-resistant MFA, session controls)., Test response readiness with disclosure tabletop exercises., Treat detection, IR runbooks, and customer communications as capital investments., Adopt data minimization strategies to lower per-record breach costs.Invest in AI-driven detection/automation (governed to avoid risk exposure)., Prioritize identity-first security (phishing-resistant MFA, session controls)., Test response readiness with disclosure tabletop exercises., Treat detection, IR runbooks, and customer communications as capital investments., Adopt data minimization strategies to lower per-record breach costs.Invest in AI-driven detection/automation (governed to avoid risk exposure)., Prioritize identity-first security (phishing-resistant MFA, session controls)., Test response readiness with disclosure tabletop exercises., Treat detection, IR runbooks, and customer communications as capital investments., Adopt data minimization strategies to lower per-record breach costs.Invest in AI-driven detection/automation (governed to avoid risk exposure)., Prioritize identity-first security (phishing-resistant MFA, session controls)., Test response readiness with disclosure tabletop exercises., Treat detection, IR runbooks, and customer communications as capital investments., Adopt data minimization strategies to lower per-record breach costs.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are The incident highlights the need for comprehensive identity governance, advanced behavioral analytics, and security architectures that assume compromise rather than attempting to prevent all intrusions.AI tools lower the barrier for cyberattacks, enabling faster and more sophisticated breaches (e.g., voice cloning, deepfakes).,Social engineering remains a critical vulnerability, especially with publicly available data (e.g., YouTube videos).,Cloud storage does not guarantee security and may introduce additional risks if not properly managed.,Adversarial nations are systematically training young hackers for cyber espionage against U.S. targets.,Password hygiene (e.g., changing passwords every 6 months) is essential but insufficient alone to prevent breaches.Faster detection/containment reduces costs significantly (2025’s 9% global decline).,Identity controls (MFA, SSO hardening) mitigate most breaches (DBIR 2025).,Ransomware recovery costs exceed ransom payments; budget for recovery over paying.,SEC rules shorten response windows, increasing legal/operational pressure.,Data minimization and retention hygiene reduce per-record costs.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure and and improve cloud security measures..
References
Where can I find more information about each incident ?
Incident : Social Engineering MGM85317923
Source: SEC Filing
Incident : Social Engineering, Ransomware MGM611060625
Source: SOSIntelligence
Incident : Data Theft, Extortion MGM752070725
Source: Rapid7
Incident : Cybercriminal Activity MGM344072525
Source: FBI
Incident : Data Breach MGM647072525
Source: Maine Office of the Attorney General
Date Accessed: 2023-10-05
Incident : Data Breach MGM851072625
Source: Maine Office of the Attorney General
Date Accessed: 2022-12-21
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Source: Cybersecurity Reports
Incident : cyber espionage MGM0062100092525
Source: News 3 Las Vegas
Incident : cyber espionage MGM0062100092525
Source: Stealth ISS Group (Dasha Davies, President & CISO)
Incident : Cyberattack MGM2602026092725
Source: Tom's Hardware
Incident : Data Breach MGM3262132110325
Source: IBM Cost of a Data Breach Report 2025
Incident : Data Breach MGM3262132110325
Source: Verizon Data Breach Investigations Report (DBIR) 2025
Incident : Data Breach MGM3262132110325
Source: Coveware/Chainalysis Ransomware Trend Trackers
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: SEC Filing, and Source: SOSIntelligence, and Source: Rapid7, and Source: FBI, and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-10-05, and Source: Maine Office of the Attorney GeneralDate Accessed: 2022-12-21, and Source: Cybersecurity Reports, and Source: News 3 Las Vegas, and Source: Stealth ISS Group (Dasha Davies, President & CISO), and Source: Tom's Hardware, and Source: IBM Cost of a Data Breach Report 2025, and Source: Verizon Data Breach Investigations Report (DBIR) 2025, and Source: Coveware/Chainalysis Ransomware Trend Trackers.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cybercriminal Activity MGM344072525
Investigation Status: Ongoing
Incident : Data Breach MGM851072625
Investigation Status: Ongoing
Incident : cyber espionage MGM0062100092525
Investigation Status: Ongoing (17-year-old hacker's case pending in juvenile/adult court; unnamed breaches unreported)
Incident : Cyberattack MGM2602026092725
Investigation Status: Ongoing (suspect released on bail; $1.8M in Bitcoin unrecovered; UK arrests of additional suspects)
Incident : Data Breach MGM3262132110325
Investigation Status: Ongoing (Industry-Wide Trends)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Limited (some breaches never made the news), Sec-Mandated Disclosure (4 Business Days), Customer Notification and Call Center Support.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : cyber espionage MGM0062100092525
Customer Advisories: Limited (some breaches not publicly disclosed)
Incident : Data Breach MGM3262132110325
Stakeholder Advisories: Sec-Mandated Disclosures, Board Communications, Regulatory Reporting.
Customer Advisories: Notification LettersCredit Monitoring ServicesCall Center Support
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Limited (some breaches not publicly disclosed), Sec-Mandated Disclosures, Board Communications, Regulatory Reporting, Notification Letters, Credit Monitoring Services, Call Center Support and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Social Engineering MGM85317923
Entry Point: Phishing
Incident : Social Engineering, Ransomware MGM611060625
Entry Point: Vishing, Sim-Swapping, Mfa Fatigue Attacks,
High Value Targets: Okta, Active Directory, Azure Ad,
Data Sold on Dark Web: Okta, Active Directory, Azure Ad,
Incident : Data Theft, Extortion MGM752070725
Entry Point: Help Desk Impersonation
Incident : Cybercriminal Activity MGM344072525
Entry Point: Gaming Sites, Swatting,
High Value Targets: Retail, Insurance, Airlines,
Data Sold on Dark Web: Retail, Insurance, Airlines,
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Entry Point: Social Engineering, Phishing
High Value Targets: VMware vSphere, ESXi environments, Cloud storage environments
Data Sold on Dark Web: VMware vSphere, ESXi environments, Cloud storage environments
Incident : cyber espionage MGM0062100092525
Entry Point: Social Engineering (Voice Cloning, Deepfakes), Exploiting Publicly Available Data (E.G., Youtube Videos), Cloud Misconfigurations,
High Value Targets: Casinos (Mgm, Caesars), Insurance, Healthcare, Education, Manufacturing Sectors,
Data Sold on Dark Web: Casinos (Mgm, Caesars), Insurance, Healthcare, Education, Manufacturing Sectors,
Incident : Cyberattack MGM2602026092725
High Value Targets: Mgm Resorts, Caesars Entertainment,
Data Sold on Dark Web: Mgm Resorts, Caesars Entertainment,
Incident : Data Breach MGM3262132110325
Entry Point: Phishing, Credential Theft, Privilege Misuse,
High Value Targets: Customer Databases, Financial Records, Healthcare Pii,
Data Sold on Dark Web: Customer Databases, Financial Records, Healthcare Pii,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Social Engineering, Ransomware MGM611060625
Root Causes: Human Factors
Incident : Cyber Attack, Ransomware, Social Engineering MGM301080925
Root Causes: Sophisticated social engineering, abuse of legitimate administrative tools, and targeting of virtualization infrastructure.
Corrective Actions: Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics.
Incident : cyber espionage MGM0062100092525
Root Causes: Over-Reliance On Cloud Storage Without Proper Security Controls., Lack Of User Awareness About Ai-Driven Social Engineering Tactics., Insufficient Protection For Publicly Available Personal Data (E.G., Voice/Video Recordings)., State-Sponsored Training Of Young Hackers Exacerbating The Threat Landscape.,
Corrective Actions: Transition Critical Data From Cloud To Local Storage With Enhanced Security., Deploy Advanced Threat Detection For Ai-Generated Attacks (E.G., Voice/Deepfake Detection)., Strengthen Password Policies And Enforce Mfa Across All Systems., Collaborate With Law Enforcement And Cybersecurity Firms (E.G., Stealth Iss Group) For Proactive Defense.,
Incident : Data Breach MGM3262132110325
Root Causes: Slow Detection/Escalation (2024’S Top Cost Driver), Weak Identity Controls (80%+ Breaches Involve Credentials Per Dbir), Ungoverned Ai Systems (Increase Risk Exposure),
Corrective Actions: Implement Ai-Governed Detection/Automation., Hardening Mfa/Sso And Session Controls., Reduce Mean Time To Identify/Contain (Target <200 Days)., Conduct Disclosure Tabletop Exercises For Sec Compliance., Refresh Security Tooling And Audit Controls Post-Incident.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian, , Stealth ISS Group (cybersecurity consulting mentioned), Ir Retainers, Forensics Teams, Third-Party Monitoring, , Post-Breach Audits, Continuous Threat Detection, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics., Transition Critical Data From Cloud To Local Storage With Enhanced Security., Deploy Advanced Threat Detection For Ai-Generated Attacks (E.G., Voice/Deepfake Detection)., Strengthen Password Policies And Enforce Mfa Across All Systems., Collaborate With Law Enforcement And Cybersecurity Firms (E.G., Stealth Iss Group) For Proactive Defense., , Implement Ai-Governed Detection/Automation., Hardening Mfa/Sso And Session Controls., Reduce Mean Time To Identify/Contain (Target <200 Days)., Conduct Disclosure Tabletop Exercises For Sec Compliance., Refresh Security Tooling And Audit Controls Post-Incident., .
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $15 million (paid by Caesars Entertainment).
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an ALPHV, BlackCat/Alphv gang, SCATTERED SPIDER, Scattered Spider (also known as UNC3944, Scatter Swine, Muddled Libra), The Com, Scattered Spider (UNC3944, Octo Tempest, 0ktapus, Muddled Libra, Scatter Swine), 17-year-old hacker from Illinois (arrested)state-sponsored hackers (China, Russia, North Korea implied)young hackers (as young as 13–14, trained in cyber academies) and Scattered Spider.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on September 2023.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-12-21.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $100 million.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were 37 million customers and business information, Approximately 6 terabytes of data, Driver's License Numbers, , Social Security numbers, , personal information, potentially payment data, employee/customer records, and Confidential victim data (exfiltrated).
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was WebsiteSmartphone AppsElectronic PaymentsDigital Key CardsSlot MachinesATMsPaid Parking Systems and and OktaActive DirectoryAzure AD and and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experian, , Stealth ISS Group (cybersecurity consulting mentioned), ir retainers, forensics teams, third-party monitoring, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Network IsolationEDR UpliftAI-Driven Triage.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were potentially payment data, Confidential victim data (exfiltrated), Driver's License Numbers, employee/customer records, Social Security numbers, personal information, Approximately 6 terabytes of data and 37 million customers and business information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 37.2M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $15 million (paid by Caesars Entertainment).
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuits, Ongoing (17-year-old hacker's case in court), Ongoing prosecution of 17-year-old suspect; potential adult trial for extortion/conspiracy, Class Actions, Agency Settlements, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Data minimization and retention hygiene reduce per-record costs.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Treat detection, IR runbooks, and customer communications as capital investments., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance)., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Avoid storing critical data in the cloud; prefer local storage for sensitive information., Adopt data minimization strategies to lower per-record breach costs., Invest in AI-driven detection/automation (governed to avoid risk exposure)., Test response readiness with disclosure tabletop exercises., Businesses should conduct frequent security audits to identify and address gaps in defenses., Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure, and improve cloud security measures., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Prioritize identity-first security (phishing-resistant MFA and session controls)..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are FBI, News 3 Las Vegas, Rapid7, Tom's Hardware, Maine Office of the Attorney General, SEC Filing, Coveware/Chainalysis Ransomware Trend Trackers, Stealth ISS Group (Dasha Davies, President & CISO), Cybersecurity Reports, SOSIntelligence, Verizon Data Breach Investigations Report (DBIR) 2025 and IBM Cost of a Data Breach Report 2025.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was SEC-Mandated Disclosures, Board Communications, Regulatory Reporting, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Limited (some breaches not publicly disclosed) and Notification LettersCredit Monitoring ServicesCall Center Support.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Help Desk Impersonation, Social Engineering, Phishing and Phishing.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Factors, Sophisticated social engineering, abuse of legitimate administrative tools, and targeting of virtualization infrastructure., Over-reliance on cloud storage without proper security controls.Lack of user awareness about AI-driven social engineering tactics.Insufficient protection for publicly available personal data (e.g., voice/video recordings).State-sponsored training of young hackers exacerbating the threat landscape., Slow Detection/Escalation (2024’s top cost driver)Weak Identity Controls (80%+ breaches involve credentials per DBIR)Ungoverned AI Systems (Increase Risk Exposure).
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics., Transition critical data from cloud to local storage with enhanced security.Deploy advanced threat detection for AI-generated attacks (e.g., voice/deepfake detection).Strengthen password policies and enforce MFA across all systems.Collaborate with law enforcement and cybersecurity firms (e.g., Stealth ISS Group) for proactive defense., Implement AI-governed detection/automation.Hardening MFA/SSO and session controls.Reduce mean time to identify/contain (target <200 days).Conduct disclosure tabletop exercises for SEC compliance.Refresh security tooling and audit controls post-incident..
.png)
Latest Global CVEs (Not Company-Specific)
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
Risk Information
cvss3
Base: 4.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Risk Information
cvss3
Base: 8.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mgm-resorts-international' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
