MGM Resorts Social Engineering Attack

MGM Resorts data breach affecting 10.6M records.

8.7

Severity Score

Records Exposed

10.6M

Breach Date

September 2023

Attack Vector

Social Engineering + Ransomware

Financial Impact

$100 Million

Exposed Data Types

Names SSN Addresses Phone Numbers Credit Cards Government IDs

The Scattered Spider group used a simple social engineering phone call to MGM’s IT help desk to gain initial access, then deployed ALPHV/BlackCat ransomware. The attack shut down slot machines, hotel key cards, and reservation systems across all MGM properties for over a week.

Impact Assessment

Data Sensitivity

8.7

Scale

10.6M

Public Exposure

High