US casino giant MGM Resorts issued a notice overnight stating that its hotels and casinos are now “operating normally” following the 10 September cyberattack that crippled operations across the United States.
“We are pleased that all of our hotels and casinos are operating normally,” the notice reads. “Our amazing employees are ready to help guests with any intermittent issues. We thank you for your patience and look forward to welcoming you soon.”
It added that Slot Dollars and FREEPLAY are also available now at all properties, while “MGM Rewards members’ accounts will be adjusted to reflect Tier Credits and MGM Rewards points at a later date,” although “MGM Rewards points redemption and certain promotional offers may be unavailable.”
MGM said customers could now use the MGM Resorts app as per usual and to book dining, entertainment or salon experiences.
MGM had struggled to restore full control of its systems in the wake of the attack, which saw website, email and reservations systems all down and dozens of slot machines switched off at its resorts in Las Vegas, Atlantic City and Ohio. CDC Gaming Reports also revealed at the time reports of ATMs being offline and guests locked out of their hotel rooms because their digital keys were not working.
Jefferies Group equity analyst David Katz wrote in a weekend note that MGM was likely losing between US$4.2 million and US$8.4 million in revenue every day the issues persisted, representing a hit of between 10% and 20% on daily revenues and cash flow.
However, he also outlined his belief that the pain would be short-lived and costs mostly covered by insurance.
“The cyberattacks (including a similar attack on Caesars Entertainment) should be taken as one-time, largely insurable events that should not have long-lasting impacts on the businesses, assuming that the event is short-lived,” Katz said.
“Our sense is that MGM’s impact could potentially be material but moderate near term, while Caesars should see no meaningful impact and the question of whether any business is displaced among operators near term is fair.
“Given what we expect should be predominantly insurable events for all concerned should mitigate the impact to MGM if it turns out to be significant.”
JMP Securities gaming analyst Jordan Bender also wrote this week that MGM would be covered by a US$200 million cyber insurance policy that covers ransom payments and business interruption, as reported by The Nevada Independent’s Howard Stutz.
“If the breach is fully covered within the policy, MGM will incur minimal costs along the way, and see insurance premiums go up, but it would amount to a drop in the bucket for a company generating $4.7 billion of [cash flow] this year,” Bender said.
The cyberattack did not affect MGM’s Macau-based subsidiary, MGM China.