MGM Resorts, one of the largest hotel and casino operators in the world, suffered a ransomware attack in 2020 that resulted in a massive data breach and a financial loss of over $100 million. The attack was carried out by a cybercriminal group known as REvil, which demanded $21 million in Bitcoin for the decryption of the encrypted files and the deletion of the stolen data. However, MGM Resorts refused to pay the ransom and instead notified the authorities and its customers about the incident.
The data breach affected approximately 10.6 million guests who stayed at MGM Resorts properties between July 2017 and September 2020. The stolen data included personal information such as names, addresses, phone numbers, email addresses, dates of birth, gender, loyalty program numbers, and reservation details. Some of the affected guests were celebrities, politicians, journalists, and CEOs. The data breach also exposed some internal documents and financial records of MGM Resorts.
The stolen data was initially offered for sale on a dark web forum called Empire Market by a hacker who claimed to be part of REvil. The hacker asked for $2,500 in Bitcoin for each batch of one million records. However, after Empire Market went offline in August 2020, the hacker moved to another dark web forum called Joker’s Stash, where he increased the price to $4,000 per batch. The hacker also claimed to have access to more than 200 GB of additional data from MGM Resorts, including credit card information and passport scans.
MGM Resorts took several steps to mitigate the impact of the data breach and prevent future incidents. The company hired cybersecurity experts to investigate the attack and enhance its security measures. It also offered free credit monitoring and identity theft protection services to its affected customers. It notified the relevant regulators and law enforcement agencies about the breach and cooperated with their investigations. It also filed a lawsuit against REvil in October 2020, seeking damages and injunctive relief.