Was MGM Resorts International hacked?

Yes. The MGM Resorts breach occurred on September 11, 2023, affecting Undisclosed records.

What data was exposed in the MGM Resorts International breach?

The 2023 MGM Resorts cyberattack shut down hotel and casino operations for 10 days, costing over $100 million. Learn what happened.

What should I do if I was affected by the MGM Resorts International data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

MGM Resorts Data Breach

Critical Severity Undisclosed records affected Published February 10, 2026

Company	MGM Resorts International
Breach Date	September 11, 2023
Disclosure Date	September 11, 2023
Records Affected	Undisclosed

In September 2023, MGM Resorts International suffered a devastating cyberattack that shut down hotel and casino operations across its properties for approximately 10 days. The attack, carried out by the Scattered Spider group using ALPHV/BlackCat ransomware, cost the company over $100 million.

What Happened

On September 11, 2023, attackers from the Scattered Spider group (also known as UNC3944) gained access to MGM Resorts' systems through a social engineering attack on the company's IT help desk. The attackers reportedly found an MGM employee on LinkedIn, called the help desk, and impersonated the employee to obtain credentials. Once inside, the group deployed ALPHV/BlackCat ransomware, encrypting and disrupting systems across MGM's properties. Hotel key card systems, slot machines, ATMs, the website, and reservation systems all went offline. Guests were unable to check in digitally, and casino floors were partially shut down. MGM refused to pay the ransom. The total cost to the company exceeded $100 million including lost revenue, remediation, and customer compensation.

What Data Was Exposed

Full names
Phone numbers
Email addresses
Postal addresses
Gender
Dates of birth
Driver's license numbers (for some customers)
Social Security numbers (for a limited number of customers)
Passport numbers (for a limited number of customers)

Who Is Affected

MGM Resorts customers who had personal data on file with the company were affected. This includes guests who stayed at MGM properties, members of the MGM Rewards loyalty program, and anyone who made reservations. The exact number of affected individuals was not publicly disclosed, though MGM operates over 30 properties and has millions of loyalty program members.

How to Check If You Were Affected

MGM Resorts sent notification letters to affected customers. Check your email and physical mail for communications from MGM. If you were an MGM Rewards member or stayed at an MGM property, contact MGM's customer support for information about your data. Visit HaveIBeenPwned.com to check if your email appears in any related breach data.

What You Should Do Now

Enroll in the free identity protection services offered by MGM
Monitor your credit reports for unauthorized accounts
Place a credit freeze if your SSN or driver's license was exposed
Change your MGM Rewards password and security questions
Be cautious of phishing emails or calls claiming to be from MGM
If your passport number was exposed, consider applying for a new passport
Monitor bank accounts and credit cards used at MGM properties

Last updated: February 10, 2026