MGM says last month's cyberattack will cost it as much as $100 million

Related: Why a Caesars move may be to blame for MGM's cyberattack

In a regulatory filing with the Securities and Exchange Commission, MGM admitted that hackers obtained some personal information belonging to customers who made transactions with the company prior to March 2019. 

That information includes names, contact info, gender, dates of birth, and driver's license numbers. For some, the hackers were even able to collect social security and passport numbers from their attack. However, the company also says that it does not believe that customer passwords, bank account numbers or payment card information were obtained by the criminal actors.

Related: Las Vegas Strip faces a massive problem bigger than covid

For investors, the company says that it believes the attack will have a negative impact on its third quarter 2023 results, predominantly in its Las Vegas operations, to the tune of about $100 million. 

MGM says occupancy rates during the month were down about 5% to 88% compared to the year prior. 

"Although the Company currently believes that its cybersecurity insurance will be sufficient to cover the financial impact to its business as a result of the operational disruptions, the one-time expenses described above and future expenses, the full scope of the costs and related impacts of this issue has not been determined," MGM said in its filing. 

MGM shares dropped as much as 18.5% between Sept. 11 and Thursday's close. (The shares closed up 4.9% to $36.48 on Friday.  

Get investment guidance from trusted portfolio managers without the management fees. Sign up for Action Alerts PLUS now.