--- title: The MGM ransomware attack: What fraud teams should learn from the breach source_page: https://www.sardine.ai/media/fraudology/episodes/mgm-ransomware-attack canonical: https://www.sardine.ai/media/fraudology/episodes/mgm-ransomware-attack format: text/markdown date: 2023-09-19T00:00:00Z description: The MGM ransomware attack shows how social engineering, vendor risk, and exposed data can drive online fraud, account takeover, and breach-related scams --- **Quick links:** [Human page](https://www.sardine.ai/media/fraudology/episodes/mgm-ransomware-attack) · [Home](https://www.sardine.ai) · [Customers](https://www.sardine.ai/customers) · [Blog](https://www.sardine.ai/blog) · [Demo](https://www.sardine.ai/demo) --- # The MGM ransomware attack: What fraud teams should learn from the breach **Published:** 2023-09-19T00:00:00Z The MGM ransomware attack shows how social engineering, vendor risk, and exposed data can drive online fraud, account takeover, and breach-related scams Let’s talk about why the MGM ransomware attack matters so much to fraud teams. At first glance, this looks like a cybersecurity story about outages, encryption, and operational disruption. But when you look closer, it is also a fraud story. Because online fraud is often one of the fastest ways criminals monetize access, stolen data, and system weaknesses exposed during a cyberattack. In this episode, I break down the MGM cyberattack and what fraud professionals should be paying attention to now, not later. That includes the role of social engineering, the risks tied to third-party vendor access, and the fraud vectors companies may face if exposed data is released or sold. And this is exactly why fraud and cyber teams need to work together more closely. Here are a few themes we explore in this episode: why the MGM ransomware attack is relevant to fraud teams how a social engineering breach can lead to much broader compromise why identity verification vulnerabilities and third-party vendor risk matter how to think through online fraud after data breach exposure What you’ll hear in this episode: how the MGM ransomware attack may have started with social engineering why fraud teams need to pay attention to ransomware fraud risk what kinds of fraud vectors often follow a major breach how breach response for fraud teams should connect with cyber response why fraud leadership communication matters after incidents like this You should listen to this episode if you: work in fraud prevention, trust and safety, cybersecurity, or risk want to better understand account takeover risk after a breach are reviewing identity verification vulnerabilities in your organization need practical ways to improve fraud prevention after cyberattack events If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out. Episode notes & key takeaways The MGM ransomware attack is a good reminder that fraud teams should never ignore breach headlines. Because once attackers gain access, the downstream fraud risk can move fast. That is especially true when social engineering, identity workflows, and third-party systems are involved. Why the MGM ransomware attack matters to fraud teams A lot of fraud teams see ransomware stories and assume that is mainly a cyber issue. But that is usually too narrow. When a breach disrupts operations or exposes sensitive data, it can create direct fraud opportunities. Operational risks may include: increased account takeover risk using exposed personal information phishing and impersonation campaigns tied to breach publicity fraud attempts using leaked data to bypass trust controls broader online fraud after data breach exposure Social engineering can open the door to major fraud risk One of the most important parts of this story is the role social engineering may have played. That matters because attackers do not always need a complex technical exploit if they can manipulate people and trusted workflows instead. For fraud teams, that should raise a lot of questions. Operational concerns may include: weak internal verification processes for employee access social engineering breach tactics targeting help desks and support teams attackers exploiting urgency or familiarity to gain trust fraud losses that begin with human error rather than technical failure Third-party vendor risk and identity workflows deserve more scrutiny This episode also looks at how third-party vendor risk can expand the blast radius of a breach. If a vendor touches authentication, identity verification, or account access, the impact of compromise can grow quickly. And that matters for fraud prevention. Operational risks may include: identity verification vulnerabilities tied to external platforms limited visibility into vendor-linked access and permissions delayed response when fraud teams are not looped in early gaps between cyber incident response and fraud response planning Fraud teams should prepare for downstream breach-related fraud If data from a breach is released, fraud teams need to be ready to assess what types of fraud may come next. That depends on the data exposed and how criminals can use it. This is where practical fraud planning matters most. Operational priorities may include: mapping data breach fraud vectors to your company’s workflows identifying where exposed information could support account takeover risk improving fraud leadership communication using breach headlines as context making verification process improvements before fraud patterns scale One of the things I really wanted to highlight in this episode is that fraud teams do not need to wait until they see direct losses to act. Breach headlines can be an early warning. And when fraud and cybersecurity collaboration happens early, companies are in a much better position to reduce the impact of what comes next.