In September 2023, MGM Resorts—one of the world’s largest casino and hospitality operators—suffered a major cyber attack that crippled operations for nearly a week. The incident disrupted flagship Las Vegas properties such as the Bellagio, Mandalay Bay, and the Cosmopolitan, along with other MGM-owned resorts nationwide.
Guests faced widespread issues including malfunctioning slot machines, disabled ATMs, inoperative digital key cards, and broken payment systems. In some cases, MGM reverted to pen-and-paper operations. As a goodwill gesture, the company waived cancellation fees for affected travelers.
By 2025, the story entered a new phase as MGM launched a class-action settlement program addressing both the MGM data breach of 2019 and the MGM cyber attack of 2023. The settlement provides financial compensation to affected guests and underscores how cybersecurity lapses can have multi-year consequences for even the largest global brands.
What Happened in the MGM Cyberattack?
The MGM breach began when cybercriminals gained access to internal systems, paralyzing hotel operations and exposing sensitive guest data. Over several days, everything from slot machines to mobile check-ins was offline, forcing staff to process transactions manually.
The attack spotlighted the vulnerability of modern hospitality systems—especially those reliant on interconnected networks for reservations, loyalty programs, and payment processing.
In the months that followed, investigators confirmed that portions of MGM’s data infrastructure had been encrypted by ransomware, and sensitive customer information was accessed.
How Did Hackers Breach MGM?
Cybersecurity researchers linked the MGM hack to Scattered Spider, a subgroup of the ALPHV (BlackCat) ransomware gang. The group used a mix of vishing (voice phishing) and multi-factor authentication fatigue tactics to trick employees into providing login credentials.
Once inside, the attackers escalated privileges, exfiltrated data, and deployed ransomware that locked key systems. These techniques demonstrated how social engineering remains one of the most effective ways to compromise large corporations.
New evidence suggested Scattered Spider also targeted Caesars Entertainment during the same period—Caesars reportedly paid a ransom to protect customer data—showing how coordinated and opportunistic modern threat actors have become.
Has MGM Been Hacked Before?
Yes. MGM Resorts previously suffered a data breach in 2019 that exposed personal information for roughly 10.6 million guests, including celebrities and business leaders. Stolen data later appeared on public forums.
Although MGM strengthened its cybersecurity defenses afterward, the 2023 attack revealed that human-driven social engineering remains a potent risk even for organizations with robust technical safeguards.
The Fallout of the MGM Resorts Hack
The MGM Resorts cyber attack created far-reaching financial, operational, and reputational damage:
- Revenue losses: MGM reported approximately $100 million in third-quarter 2023 losses due to system downtime.
- Regulatory scrutiny: Federal and state agencies investigated the company’s incident response and reporting compliance.
- Customer trust erosion: Guests expressed frustration online, and many hesitated to use MGM’s digital platforms afterward.
- Legal actions: By 2024, multiple MGM Resorts class-action lawsuit 2025 filings were underway, leading to settlements and ongoing cases.
- Cybersecurity reinvestment: MGM committed $50 million to upgrade endpoint protection, cloud security, and employee training to combat future MGM resorts cyber attacks.
How Were Guests Affected?
Guests experienced a cascade of disruptions:
- Slot machines, ATMs, and electronic payment systems failed.
- Digital room keys stopped working, forcing manual check-ins.
- Reservations and loyalty accounts became inaccessible.
- Restaurants and bars switched to cash-only transactions.
While MGM restored most systems within a week, sporadic issues persisted into early 2024, illustrating how complex and interconnected casino operations truly are.
Was Any Customer Information Stolen in the 2023 MGM Resorts Data Hack?
Investigations completed in early 2024 confirmed that attackers accessed guest data including names, contact information, dates of birth, and driver’s license numbers. A smaller group also had Social Security or passport details compromised.
Though MGM stated there was no evidence of widespread identity theft, affected customers were offered free credit-monitoring and fraud-alert services as part of legal settlements.
MGM Resorts Class-Action Lawsuit 2025 and Settlement Details
The $45 million MGM Resorts class-action lawsuit 2025 settlement covers individuals affected by the 2019 and 2023 breaches. Eligible claimants received notices between February and April 2025 with unique IDs to submit claims at mgmsettlement.com
What Happened to MGM Resorts Shares After the Attack?
MGM’s stock fell more than 4 percent in the days following the 2023 announcement but recovered gradually through 2024 as Las Vegas tourism rebounded. By early 2025, shares were trading in the mid-$50 range—evidence that strong hospitality demand helped offset short-term cybersecurity fallout.
Cyber Insurance After the MGM Data Breach
The MGM hacked incident demonstrates how one social-engineering call can cause multimillion-dollar losses. For small and mid-sized businesses, a similar disruption could be catastrophic.
That’s where Cyber Insurance steps in. Inszone’s Cyber Liability policies help cover:
- Forensic investigations, legal defense, and regulatory fines.
- Ransom negotiation, data restoration, and lost-income recovery.
Our specialists build comprehensive protection into your business-insurance portfolio, adding social-engineering and business-interruption coverage to ensure that a cyber event doesn’t cripple your operations.
Protect your business before the next MGM-scale breach—contact Inszone Insurance today for a personalized Cyber Insurance quote.
Lessons from the MGM Breach
The MGM breach reinforced that cybersecurity is no longer just an IT issue—it’s an organizational priority. Every company, regardless of size, faces similar social-engineering and ransomware risks.
By investing in proactive defenses, employee training, and a tailored Cyber Insurance policy, businesses can turn unpredictable cyber risk into a managed, insurable expense.
Fatima Gomez
