Lessons We Can All Learn from MGM’s Cybersecurity Breach  

Cyberattack at casino giant reminds us: this stuff is serious!   

Data breaches seem all too common these days. When they really hit the spotlight, though, is when massive organizations like MGM Resorts get hit.  

In September, a cyberattack led to the shutdown of some casino and hotel computer systems at MGM Resorts International properties across the United States.  

The private data of customers who used MGM services prior to March 2019 was breached. (Including contact info, gender, date of birth and driver’s license numbers.) A limited number of Social Security and passport numbers were obtained as well.  

Now, it’s being reported that the disrupted operations will cause a $100 million hit to the company’s third-quarter results.  

As big as the casino giant is, one would think their cybersecurity measures were armed and ready. And perhaps they were, but the company’s recent cybersecurity breach serves as a reminder for organizations and individuals alike to take cybersecurity seriously.  

Anyone – and any business – can be targeted.  


But before you get too alarmed, consider this incident your sign to learn more about how you can protect yourself and your own organization.  

Four lessons from the MGM cybersecurity breach

1. Strengthen your data protection

If you’re not a data security professional, this may not sound fun, but it is oh-so-important: protect your data!  

Seriously. This should be a top priority … obviously.  

Not sure where to begin? Start with something simple, like creating strong passwords. Choose a combination of lower- and upper-case letters, numbers and symbols. Change them periodically, too.  

You should also be cautious of oversharing on social media. Hackers are smart. If you have too many intimate details of your life online, they’ll find you, and your personal information will be at risk. Check your privacy settings so you know who can see your posts and keep personal details to yourself as much as possible. 

2. Know your stuff

Cybersecurity is everyone’s responsibility. Within the workplace, ensure that all employees receive regular training on cybersecurity best practices, such as how to identify phishing emails (your CEO is likely not emailing you to buy them a $10 Starbucks gift card), the importance of strong passwords, and showing caution when it comes to sharing sensitive information. 

Additionally, if you’re browsing online, be sure to look at the top of your browser before entering personal information into a website. You’ll know a site is secure if there’s a lock symbol and the URL begins with “https:”  

3. Keep systems and software up to date

This can be another annoying task … who likes to wait around for 30 minutes while a computer updates? … but it’s necessary.  

Make sure you’re current with all operating systems, applications and firmware.  

On Apple and Windows devices, this is easy enough to do by checking out your settings and seeing if there’s an update available. Better yet—enable automatic software updates!  

4. Communication and transparency are key

For an organization that experiences a cybersecurity incident, communication is crucial. If something happens and transparency is lost, not only will your customers/clients be frustrated, so too will your employees.  

In the event of a cyberattack, communicate openly and promptly. Transparency builds trust and allows for a more coordinated response. 

You can also ensure your business is ready to respond to a data breach by developing an incident response plan ahead of time that outlines the steps to be taken in the event of a cybersecurity breach. This will enable a quick and effective response, hopefully minimizing the impact on the organization. 


  • Cybersecurity is an ongoing effort. And, clearly, it’s becoming increasingly important.  
  • Regularly reviewing and updating your software, systems and policies surrounding data can help you stay on top of things and be as protected as possible.  
  • Cyberattacks can happen to anyone and any organization, but by being as prepared as possible, you’re doing what you can to keep hackers at bay.  
Avatar photo

Lindsey Giardino

Lindsey Giardino is a freelance writer based in Iowa. She's worked with clients ranging in industries from higher education to healthcare to technology and beyond. She dubs herself a lifelong learner, an avid reader, a sub-par cook, and a tries-her-best mom to two little boys.

Leave a Comment