MGM sees $100 million cost from recent cybersecurity attack

Most of the cost will fall on third-quarter results, with “minimal impact” to its fourth quarter, MGM Resorts said. MGM is expected to report third-quarter earnings in early November.

See also: A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

Moreover, the company “does not expect that it will have a material effect on its financial condition and results of operations for the year,” it said in the filing.

“While the company experienced impacts to occupancy due to the availability of bookings through the company’s website and mobile applications, it was mostly contained to the month of September,” it said.

Late Wednesday, Clorox Co.
CLX,
-5.23%
cut its outlook because of its cybersecurity attack over the summer.

MGM also has spent less than $10 million in one-time expenses related to the attack, mostly on technology consulting services, legal fees and expenses of other third-party advisers, it said.

Separately, a Wall Street Journal report on Thursday said that MGM refused to pay hackers a ransom in connection with the cyberattack, unlike rival Caesars Entertainment Inc.
CZR,
-1.49%,
which was hacked in the summer and reportedly paid about $30 million in ransom.

MGM said that based on its investigation, the hack is “contained.” Hackers obtained some customers’ personal information, including names and contact information, such as phone numbers and mailing and email addresses, as well as driver’s license numbers.

For a “limited” number of customers, the hackers also obtained Social Security and passport numbers, the company said. “The types of impacted information varied by individual,” it said.

Bank accounts and payment-card information were not part of the hack, it said. MGM said it will notify impacted customers by email and offer ID protection and credit-monitoring services.