MGM Resorts International refused to pay a ransom to hackers who broke into its system and stole customer data in September 2023, according to a report by The Wall Street Journal.

A person familiar with the incident told the Wall Street Journal that the hackers demanded a ransom from MGM Resorts. After a ransomware attack, cybercriminals often demand a ransom and threaten to release stolen data publicly or disable compromised systems if it’s not paid. The Journal’s source said that MGM Resorts refused to pay.

In its Thursday regulatory filing, the company disclosed that the hackers obtained personal information belonging to “some” customers who had used its services before March 2019. The compromised data included customers’ contact information, gender, dates of birth and driver’s license numbers. The hackers also obtained a “limited” number of Social Security and passport numbers.

MGM Resorts didn’t specify exactly how many customers are affected. However, it did disclose that no bank account numbers or payment card information was compromised. The hackers likewise didn’t access data from the company’s Cosmopolitan of Las Vegas resort. 

Buy Me A Coffee

The resort firm estimates that the incident will make a $100 million dent in its adjusted property earnings before interest, taxes, depreciation and amortization. The expenses involved in remediating the breach accounted for less than a 10th of that sum. MGM Resorts’ filing detailed that it spent under $10 million on “remedial technology consulting, legal and advisory services.”

If you think you were affected, here is what MGM says you can do:

The Company has set up a dedicated call center at 800-621-9437 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Please reference engagement number B105892 when calling. The Company also has set up a webpage at with additional information.

24 Bugs in Chinese Biometric Devices Can Compromise Data