MGM Cyberattack Likely Costing Casino Company Millions of Dollars a Day

Posted on: September 18, 2023, 06:41h. 

Last updated on: September 19, 2023, 06:42h.

The MGM cyberattack that began on Sunday, September 10, and continues to disrupt resort operations in Las Vegas and across the company’s U.S. portfolio may be costing the casino giant millions of dollars a day.

MGM cyberattack casino Las Vegas
A sign on the Luxor casino floor notifies guests that MGM Resorts has suffered a cybersecurity incident that has rendered some gaming machines unavailable. MGM is losing millions of dollars a day because of ongoing interruptions caused by the cyberattack. (Image: Las Vegas Review-Journal)

David Katz, managing director of equity research at Jefferies, said in a recent note that MGM Resorts is likely losing millions of dollars daily as the cyberattack lingers on. Though MGM’s casino resort websites were restored last week, online room reservations remain on hold.

Guests are facing long lines upon check-in at MGM properties. Gamblers also cannot use self-service gaming cashier kiosks to redeem vouchers but instead must wait for a floor attendant to manually pay out their winnings.

The service and operational disruptions, Katz says, could be costing the Bellagio operator as much as $8.4 million a day in lost revenue and $1 million in cash flow. Katz’s projections are based on his estimates that MGM is suffering a 10%-20% daily hit on revenue and cash flow until the cyberattack is resolved.

MGM’s 2022 earnings report detailed that MGM domestically generates about $42 million in resort revenue and $8 million in cash flow every 24 hours.

Cash flow, Investopedia explains, is the “net cash and cash equivalents transferred in and out of a company. Cash received represents inflows, while money spent represents outflows. A company creates value for shareholders through its ability to generate positive cash flows and maximize long-term free cash flow.”

Stock Losses

Scattered Spider, a cybercriminal organization, has claimed responsibility for the recent MGM and Caesars Entertainment hacks. Caesars avoided its own operational interruptions by reportedly paying a $15 million ransom.

MGM brass is taking a different approach in refusing, at least so far, to pay the online criminals a ransom. Scattered Spider says it successfully obtained six terabytes of sensitive data on the two casino operators.

MGM’s stock price has taken a hit amid the cyberattack, along with the revenue and cash flow losses. Traded on the New York Stock Exchange, MGM shares are down more than 7% since the operator’s websites went offline and its casino slot machines began malfunctioning.

Neither MGM nor Scattered Spider has said what sort of confidential data the hack might have resulted in being seized. Caesars confirmed through a regulatory filing with the U.S. Securities and Exchange Commission that its Caesars Rewards database was targeted.

“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate, and investigate this matter,” the 8-K filing read. “The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined.”

MGM Update

On Friday, MGM Resorts issued a statement notifying the media and consumers that the company’s websites and mobile app were back up and running but functioning only in a limited capacity.

Restaurant and nightlife reservations can be made online, but room bookings remain disabled. MGM says room reservations can be made online through third-party booking sites like Expedia.

MGM says guests with reservations through September 24 can cancel without penalty. Guests who were charged the first night of their reservation at the time of booking can also have those charges refunded.