Marriott, MGM Postpone Points Partnership Following Cyberattack

Posted on: October 30, 2023, 11:00h. 

Last updated on: October 30, 2023, 02:04h.

Todd Shriber @etfgodfather Read More
Expertise: Financial, Gaming Business, Mergers and Acquisitions.

Marriott International and MGM Resorts International will delay their widely anticipated customer loyalty partnership until next year after the casino operator endured a ransomware attack in September.

Cosmopolitan Las Vegas
MGM’s Cosmopolitan Las Vegas, seen above. Marriott and MGM are delaying the MGM Collection with Marriott Bonvoy until 2024. (Image: YouTube)

In July, the two travel and leisure behemoths announced the MGM Collection with Marriott Bonvoy. That long-term strategic licensing agreement covers MGM’s 17 domestic properties, including those on the Las Vegas Strip and the brand’s regional casino hotels. It was slated to go into effect this month.

When the accord was announced in July, it was expected that all of MGM’s domestic casino hotels would be available for booking on Marriott platforms by the end of this year. The launch is now being delayed until 2024. In rewards program circles, it’s believed a September cyberattack against MGM conducted by the hacking group “Scattered Spider” is to blame for the setback.

MGM recently proclaimed that the debacle is behind it and that it did not pay Scattered Spider’s ransom demands. But the Bellagio operator did incur $10 million in one-time costs related to the attack, as well as a $100 million pinch to its third-quarter earnings before interest, taxes, depreciation, amortization, and restructuring or rent costs (EBITDAR).

Delaying Marriott, MGM Partnership Makes Sense

Hoteliers, gaming and otherwise, come into contact with substantial amounts of sensitive customer data.

In a letter to customers earlier this month, MGM CEO Bill Hornbuckle said the perpetrators accessed the “name, contact information, gender, date of birth, and driver’s license number” data of some customers who did business with the company before March 2019. A more limited number of clients may have had their Social Security or passport numbers pilfered.

This could be one reason why the MGM Collection with Marriott Bonvoy is delayed. The size and scope of the companies’ reward programs could be another. MGM Rewards has more than 40 million members, while Marriott Bonvoy has north of 180 million participants.

Given the potential reputational risk to companies that suffer cyberattacks, it makes sense for Marriott and MGM to be pragmatic in launching their partnership. Marriott is no stranger to cyberattacks. The hotel operator endured such events in 2014, which led to a $24 million fine in the UK in 2020 and last year.

Logistics Could Be Reason for Delay, Too

Neither Marriott nor MGM has publicly confirmed that the ransomware attack endured by the latter is causing the delay in the partnership. Logistics could be a reason, too, because there are multiple layers, and various MGM casino hotels are included in different tiers.

Of the 17 MGM resorts that will join MGM Collection with Marriott Bonvoy, four properties will also be affiliated with existing Marriott collection brands: Bellagio Resort & Casino will join The Luxury Collection, ARIA Resort & Casino will join Autograph Collection, Park MGM will become part of Tribute Portfolio, and The Cosmopolitan of Las Vegas will continue its affiliation with Autograph Collection,” according to a statement issued by the companies in July.

MGM’s Las Vegas Strip venues not mentioned above will be part of the MGM Collection with Marriott Bonvoy, as will five of the operator’s regional casinos. That quintet includes Borgata on the Atlantic City, N.J. Boardwalk.