MGM Resorts International (MGM) refused to pay a ransom demand from hackers in a September cyber attack, according to a person familiar with the matter. The attack caused chaos at MGM resorts on the Las Vegas Strip and crippled its properties and technology across the United States.
MGM Mirage said in a regulatory announcement Thursday that the service disruption caused by the attack and efforts to resolve the issue will cost the company more than $100 million in the fiscal third quarter.
The cyber attack was discovered on September 10 and forced MGM to shut down its IT systems. The shutdown of IT systems crippled slot machines, disrupted online hotel reservations, and required hotel staff to use paper and pen to check in guests, among other effects. The company said on Thursday that business for guests was back to normal.
MGM's decision not to pay the hackers was in line with instructions from the Federal Bureau of Investigation (FBI), which does not support ransom payments. The FBI's website states that paying a ransom does not guarantee that a company will be able to recover data, but it does reward hackers and encourage bad actors to target more victims.


Guests wait in the lobby of the Bellagio hotel in Las Vegas last month after a cyberattack on MGM Mirage slowed hotel bookings and check-in.

MGM Mirage said the service disruption would have a negative impact of $100 million on adjusted real estate earnings before interest, taxes, depreciation, amortization and rent at its Las Vegas and U.S. resorts. Remedial technical advice, legal and advisory services cost less than $10 million.
The company said in a regulatory announcement that the incident took a toll on occupancy at its resorts, which fell to 88% in September from 93% a year earlier. October occupancy is expected to be 93 percent, down from 94 percent a year earlier. The company said bookings would return to normal in November.
MGM Mirage said it has adequate cybersecurity insurance to cover financial losses and that overall, the incident won't have a material impact on the company's results this year.
CEO Bill Hornbuckle said in a letter to customers Thursday that no customer's bank account or payment card information was compromised as a result of the company's swift response.
He said the hackers did steal information, including names, phone numbers, addresses, dates of birth and driver's license numbers, of customers who had done business with MGM Resorts prior to March 2019, and also obtained Social Security numbers and passport numbers for a limited number of customers.
Hornbuckle said the company regrets the outcome and sincerely apologizes to those affected and that the trust of its customers is of utmost importance to the company.
The company said it would contact affected customers.
MGM did not release details of how the hackers gained access to its IT systems.