Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Data Breach

What Causes a Data Breach: 7 Root Causes Behind Every Attack

In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered a help desk employee with a single phone call. One conversation. That's all it took to cripple slot machines, hotel check-in systems, and digital room keys across Las Vegas for over a

Carl B. Johnson Jan 22, 2024 7 min read
Data Breach Response Plan

Data Breach Response Plan: What Actually Works in 2024

When MGM Resorts got hit in September 2023, the chaos lasted ten days. Hotel room keys stopped working. Slot machines went dark. Reservation systems crashed. The estimated cost topped $100 million. And here's the part that stings — the initial compromise reportedly started with a social engineering call to

Carl B. Johnson Jan 22, 2024 8 min read
Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

In September 2023, MGM Resorts lost an estimated $100 million after a social engineering attack compromised its systems. But the financial damage from the breach itself was only part of the story. The chaos that followed — delayed notifications, regulatory scrutiny, class-action lawsuits — showed exactly what happens when an organization fumbles

Carl B. Johnson Jan 22, 2024 7 min read
Data Breach Examples

Data Breach Examples: What 2024 Trends Tell Us

The Breach That Cost MGM Resorts Over $100 Million

In September 2023, a threat actor called Scattered Spider brought MGM Resorts to its knees — not with some exotic zero-day exploit, but with a phone call. A social engineering attack against the company's IT help desk gave attackers the

Carl B. Johnson Jan 22, 2024 7 min read
Data Breach Notification

Data Breach Notification Requirements: A 2024 Guide

In May 2023, the FTC finalized a revised Health Breach Notification Rule that expanded who must report breaches — and shortened the clock to do it. Most organizations I talk to had no idea the change happened. They found out the hard way: staring down a regulatory inquiry with no incident

Carl B. Johnson Jan 22, 2024 8 min read
Password Security Best Practices

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password

In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered their way into systems — and weak credential hygiene played a central role. That incident didn't start with a sophisticated zero-day exploit. It started

Carl B. Johnson Jan 22, 2024 6 min read
Strong Passwords

How to Create a Strong Password That Actually Stops Hackers

In September 2023, a credential stuffing attack against 23andMe exposed the personal data of nearly 7 million users. The root cause wasn't some exotic zero-day exploit. It was reused, weak passwords. Attackers took credentials leaked from other breaches, tried them on 23andMe accounts, and walked right in. That

Carl B. Johnson Jan 22, 2024 7 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

The Breach That Started With "Company123!"

In September 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering to compromise employee credentials. The attack didn't require some sophisticated zero-day exploit. It started with identity — with passwords and people. And it'

Carl B. Johnson Jan 22, 2024 7 min read
Multi-Factor Authentication

Multi-Factor Authentication Setup: A Practical Guide

In September 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by socially engineering a helpdesk employee into resetting MFA credentials. Let that sink in. The company had multi-factor authentication. It still wasn't enough — because the multi-factor authentication setup and the processes

Carl B. Johnson Jan 20, 2024 7 min read