Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

A Single Employee Click Cost MGM Resorts $100 Million

In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,

Carl B. Johnson Sep 16, 2023 8 min read

Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In January 2023, T-Mobile disclosed that a threat actor had stolen data on roughly 37 million customer accounts by exploiting a single API vulnerability. But here's what most people missed in the headlines — the breach went undetected for over a month. That's not just a technology

Carl B. Johnson Sep 16, 2023 7 min read

Security Awareness Metrics

Security Awareness Metrics That Prove ROI in 2023

When MGM Resorts got hit with a devastating social engineering attack in September 2023, it wasn't a firewall failure. It wasn't a zero-day exploit. A threat actor called the help desk, impersonated an employee, and walked right through the front door. The estimated cost? Over $100

Carl B. Johnson Sep 16, 2023 7 min read

Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2022, Medibank — one of Australia's largest health insurers — suffered a breach that exposed 9.7 million customer records. The root cause? Compromised credentials. A single employee's stolen login led to one of the most damaging data breaches in Australian history. Medibank had security awareness training

Carl B. Johnson Sep 16, 2023 7 min read

Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $2.6 Million Invoice Nobody Budgeted For

In March 2023, the city of Oakland, California declared a state of emergency after a ransomware attack crippled city services for weeks. Systems went offline. Sensitive employee data leaked onto the dark web. The estimated recovery cost? Millions. And the initial entry

Carl B. Johnson Jun 09, 2023 7 min read

Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2023

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% jump from 2021. The vast majority of those losses traced back to failures in basic security practices. Not zero-day exploits. Not nation-state attacks. Basic, preventable

Carl B. Johnson Jun 08, 2023 7 min read

Cyber Hygiene

What Is Cyber Hygiene? The Daily Habits That Stop Breaches

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% increase from 2021. The majority of those losses didn't come from sophisticated nation-state attacks. They came from poor habits: reused passwords, unpatched software,

Carl B. Johnson Jun 08, 2023 7 min read

Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% increase from the year before. The uncomfortable truth? Most of those losses trace back to failures in basic security practices, not sophisticated zero-day exploits. A

Carl B. Johnson Jun 08, 2023 7 min read

Cybersecurity for Executives

Cybersecurity for Executives: What Boards Must Know Now

The SolarWinds Wake-Up Call That Still Echoes in Every Boardroom

When SolarWinds disclosed its massive supply chain compromise in late 2020, it wasn't just IT teams scrambling — it was CEOs fielding calls from senators, board members demanding answers they didn't have, and general counsel mapping out

Carl B. Johnson Jun 08, 2023 7 min read