Incident Types: The types of cybersecurity incidents that have occurred include Breach, Ransomware and Cyber Attack.

Total Financial Loss: The total financial loss from these incidents is estimated to be $600 million.

Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian, and remediation measures with identity theft protection services offered, and incident response plan activated with likely (for mgm and caesars, given public disclosure), and third party assistance with stealth iss group (cybersecurity consulting mentioned), and law enforcement notified with yes (17-year-old hacker arrested; case in juvenile court), and communication strategy with limited (some breaches never made the news), and and and third party assistance with ir retainers, third party assistance with forensics teams, third party assistance with third-party monitoring, and containment measures with network isolation, containment measures with edr uplift, containment measures with ai-driven triage, and remediation measures with security rebuild, remediation measures with audit controls, remediation measures with tooling refresh, and recovery measures with data review/ediscovery, recovery measures with system restore, and communication strategy with sec-mandated disclosure (4 business days), communication strategy with customer notification, communication strategy with call center support, and enhanced monitoring with post-breach audits, enhanced monitoring with continuous threat detection..

Common Attack Types: The most common types of attacks the company has faced is Ransomware.

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing, VishingSIM-swappingMFA Fatigue Attacks, Help Desk Impersonation, Gaming SitesSwatting, Social Engineering, Phishing, social engineering (voice cloning, deepfakes)exploiting publicly available data (e.g., YouTube videos)cloud misconfigurations and PhishingCredential TheftPrivilege Misuse.

Average Financial Loss: The average financial loss per incident is $54.55 million.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Driver'S License Numbers, , Social Security Numbers, , Personal Information, Potentially Financial Data, Employee Records, , Confidential victim data, Customer Records, Pii, High-Value Target Data and .

Incident Response Plan: The company's incident response plan is described as Likely (for MGM and Caesars, given public disclosure), .

Third-Party Assistance: The company involves third-party assistance in incident response through Experian, , Stealth ISS Group (cybersecurity consulting mentioned), IR Retainers, Forensics Teams, Third-Party Monitoring, .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identity theft protection services offered, , Security Rebuild, Audit Controls, Tooling Refresh, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by network isolation, edr uplift, ai-driven triage and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Data Review/eDiscovery, System Restore, .

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuits, Ongoing (17-year-old hacker's case in court), Ongoing prosecution of 17-year-old suspect; potential adult trial for extortion/conspiracy, Class Actions, Agency Settlements, .

Key Lessons Learned: The key lessons learned from past incidents are The incident highlights the need for comprehensive identity governance, advanced behavioral analytics, and security architectures that assume compromise rather than attempting to prevent all intrusions.AI tools lower the barrier for cyberattacks, enabling faster and more sophisticated breaches (e.g., voice cloning, deepfakes).,Social engineering remains a critical vulnerability, especially with publicly available data (e.g., YouTube videos).,Cloud storage does not guarantee security and may introduce additional risks if not properly managed.,Adversarial nations are systematically training young hackers for cyber espionage against U.S. targets.,Password hygiene (e.g., changing passwords every 6 months) is essential but insufficient alone to prevent breaches.Faster detection/containment reduces costs significantly (2025’s 9% global decline).,Identity controls (MFA, SSO hardening) mitigate most breaches (DBIR 2025).,Ransomware recovery costs exceed ransom payments; budget for recovery over paying.,SEC rules shorten response windows, increasing legal/operational pressure.,Data minimization and retention hygiene reduce per-record costs.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure and and improve cloud security measures..

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: SEC Filing, and Source: SOSIntelligence, and Source: Rapid7, and Source: FBI, and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-10-05, and Source: Maine Office of the Attorney GeneralDate Accessed: 2022-12-21, and Source: Cybersecurity Reports, and Source: News 3 Las Vegas, and Source: Stealth ISS Group (Dasha Davies, President & CISO), and Source: Tom's Hardware, and Source: IBM Cost of a Data Breach Report 2025, and Source: Verizon Data Breach Investigations Report (DBIR) 2025, and Source: Coveware/Chainalysis Ransomware Trend Trackers.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Limited (some breaches never made the news), Sec-Mandated Disclosure (4 Business Days), Customer Notification and Call Center Support.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Limited (some breaches not publicly disclosed), Sec-Mandated Disclosures, Board Communications, Regulatory Reporting, Notification Letters, Credit Monitoring Services, Call Center Support and .

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian, , Stealth ISS Group (cybersecurity consulting mentioned), Ir Retainers, Forensics Teams, Third-Party Monitoring, , Post-Breach Audits, Continuous Threat Detection, .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics., Transition Critical Data From Cloud To Local Storage With Enhanced Security., Deploy Advanced Threat Detection For Ai-Generated Attacks (E.G., Voice/Deepfake Detection)., Strengthen Password Policies And Enforce Mfa Across All Systems., Collaborate With Law Enforcement And Cybersecurity Firms (E.G., Stealth Iss Group) For Proactive Defense., , Implement Ai-Governed Detection/Automation., Hardening Mfa/Sso And Session Controls., Reduce Mean Time To Identify/Contain (Target <200 Days)., Conduct Disclosure Tabletop Exercises For Sec Compliance., Refresh Security Tooling And Audit Controls Post-Incident., .

Ransom Payment History: The company has Paid ransoms in the past.

Last Ransom Demanded: The amount of the last ransom demanded was $15 million (paid by Caesars Entertainment).

Last Attacking Group: The attacking group in the last incident were an ALPHV, BlackCat/Alphv gang, SCATTERED SPIDER, Scattered Spider (also known as UNC3944, Scatter Swine, Muddled Libra), The Com, Scattered Spider (UNC3944, Octo Tempest, 0ktapus, Muddled Libra, Scatter Swine), 17-year-old hacker from Illinois (arrested)state-sponsored hackers (China, Russia, North Korea implied)young hackers (as young as 13–14, trained in cyber academies) and Scattered Spider.

Most Recent Incident Detected: The most recent incident detected was on September 2023.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-12-21.

Highest Financial Loss: The highest financial loss from an incident was $100 million.

Most Significant Data Compromised: The most significant data compromised in an incident were 37 million customers and business information, Approximately 6 terabytes of data, Driver's License Numbers, , Social Security numbers, , personal information, potentially payment data, employee/customer records, and Confidential victim data (exfiltrated).

Most Significant System Affected: The most significant system affected in an incident was WebsiteSmartphone AppsElectronic PaymentsDigital Key CardsSlot MachinesATMsPaid Parking Systems and and OktaActive DirectoryAzure AD and and .

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experian, , Stealth ISS Group (cybersecurity consulting mentioned), ir retainers, forensics teams, third-party monitoring, .

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Network IsolationEDR UpliftAI-Driven Triage.

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were employee/customer records, Approximately 6 terabytes of data, potentially payment data, Confidential victim data (exfiltrated), personal information, Driver's License Numbers, 37 million customers and business information and Social Security numbers.

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 37.2M.

Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $15 million (paid by Caesars Entertainment).

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuits, Ongoing (17-year-old hacker's case in court), Ongoing prosecution of 17-year-old suspect; potential adult trial for extortion/conspiracy, Class Actions, Agency Settlements, .

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Data minimization and retention hygiene reduce per-record costs.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement multi-factor authentication (MFA) and strict access controls to mitigate social engineering risks., Enhance monitoring for unusual activity, especially in high-risk industries (e.g., gaming, healthcare, finance)., Implement phishing-resistant multi-factor authentication, enhance help desk security procedures, secure virtualization infrastructure, and improve cloud security measures., Invest in AI-driven detection/automation (governed to avoid risk exposure)., Treat detection, IR runbooks, and customer communications as capital investments., Prioritize identity-first security (phishing-resistant MFA, session controls)., Educate employees and users on AI-driven threats (e.g., voice cloning, deepfake phishing)., Regularly update passwords and monitor for unauthorized access, assuming breaches are inevitable., Businesses should conduct frequent security audits to identify and address gaps in defenses., Test response readiness with disclosure tabletop exercises., Adopt data minimization strategies to lower per-record breach costs. and Avoid storing critical data in the cloud; prefer local storage for sensitive information..

Most Recent Source: The most recent source of information about an incident are Tom's Hardware, Cybersecurity Reports, Maine Office of the Attorney General, SEC Filing, Coveware/Chainalysis Ransomware Trend Trackers, News 3 Las Vegas, SOSIntelligence, Stealth ISS Group (Dasha Davies, President & CISO), IBM Cost of a Data Breach Report 2025, FBI, Rapid7 and Verizon Data Breach Investigations Report (DBIR) 2025.

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was SEC-Mandated Disclosures, Board Communications, Regulatory Reporting, .

Most Recent Customer Advisory: The most recent customer advisory issued were an Limited (some breaches not publicly disclosed) and Notification LettersCredit Monitoring ServicesCall Center Support.

Most Recent Entry Point: The most recent entry point used by an initial access broker were an Help Desk Impersonation, Phishing, Social Engineering and Phishing.

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Factors, Sophisticated social engineering, abuse of legitimate administrative tools, and targeting of virtualization infrastructure., Over-reliance on cloud storage without proper security controls.Lack of user awareness about AI-driven social engineering tactics.Insufficient protection for publicly available personal data (e.g., voice/video recordings).State-sponsored training of young hackers exacerbating the threat landscape., Slow Detection/Escalation (2024’s top cost driver)Weak Identity Controls (80%+ breaches involve credentials per DBIR)Ungoverned AI Systems (Increase Risk Exposure).

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Enhance identity and access management, improve help desk security procedures, and implement advanced behavioral analytics., Transition critical data from cloud to local storage with enhanced security.Deploy advanced threat detection for AI-generated attacks (e.g., voice/deepfake detection).Strengthen password policies and enforce MFA across all systems.Collaborate with law enforcement and cybersecurity firms (e.g., Stealth ISS Group) for proactive defense., Implement AI-governed detection/automation.Hardening MFA/SSO and session controls.Reduce mean time to identify/contain (target <200 days).Conduct disclosure tabletop exercises for SEC compliance.Refresh security tooling and audit controls post-incident..