Sign up/in
    Hottest offers bonus

    MGM Cyberattack Forces Company To Delay Rewards Program With Marriott

    Mgm Cyberattack 1
    Article by : Erik Gibbs Oct 31, 2023

    In July, two major players in the travel and leisure industry, MGM and Marriott Bonvoy, announced a strategic partnership known as the MGM Collection. This agreement covered MGM’s 17 domestic properties, spanning from the Las Vegas Strip to regional casino hotels, and was originally set to take effect this month.

    However, the launch of this collaboration has been postponed until 2024, a delay attributed to a cyberattack in September against MGM by the hacking group “Scattered Spider.”

    MGM recently announced that it refused to comply with Scattered Spider’s ransom demands. However, the cyberattack incurred one-time costs of $10 million and had a $100 million impact on the company’s third-quarter earnings before factoring in interest, taxes, depreciation, amortization, restructuring, or rental costs (EBITDAR).

    The delay in the Marriott-MGM partnership is reasonable given the substantial amount of sensitive customer data that hoteliers, including those in the gaming industry, handle.

    MGM CEO Bill Hornbuckle disclosed that the perpetrators accessed data such as names, contact information, gender, date of birth, and driver’s license numbers of certain customers who had done business with the company before March 2019.

    A smaller number of clients may have had their Social Security or passport numbers compromised.

    Another factor contributing to the delay could be the size and complexity of both companies’ reward programs. MGM Rewards boasts over 40 million members, while Marriott Bonvoy has more than 180 million participants.

    In light of the potential reputational risk associated with cyberattacks, it is prudent for Marriott and MGM to exercise caution in launching their partnership.

    Marriott has previously faced cyberattacks, including incidents in 2014, which led to a £24-million (US$29.14 million) fine in the UK in 2020, as well as an attack last year.

    While neither Marriott nor MGM has publicly confirmed that the ransomware attack was the sole cause of the partnership delay, logistics could also be a contributing factor.  The partnership involves multiple layers, and various MGM casino hotels are part of different tiers within the program.

    Of the 17 MGM resorts set to join the MGM Collection with Marriott Bonvoy, four properties will also be affiliated with existing Marriott collection brands.

    Specifically, Bellagio Resort & Casino will become part of The Luxury Collection, ARIA Resort & Casino will join the Autograph Collection, Park MGM will be integrated into Tribute Portfolio, and

    The Cosmopolitan of Las Vegas will retain its affiliation with the Autograph Collection, as stated in a joint release by the companies in July.

    MGM’s Las Vegas Strip venues, not explicitly mentioned in the above affiliations, will be included in the MGM Collection with Marriott Bonvoy.

    Additionally, five of the operator’s regional casinos, including Borgata on the Atlantic City, New Jersey Boardwalk, are part of this collection. The complexity of coordinating and aligning these properties within the partnership framework could also be contributing to the delay.