MGM Resorts Hit by Cyber Attack, Most Systems Knocked Out
MGM Resorts International, the largest U.S. gambling operator, has experienced company wide system problems since late on Sunday because of a “cybersecurity issue.”
This disruption has hit across almost all the casino operator’s business, from ATM cash dispensers and slot machines in its Las Vegas casinos to the digital room keys used by guests.
The incident has been so severe that some hotel restaurants have resorted to accepting only cash payments, guests have been unable to book online, and in some cases, have been unable to access their rooms.
Senior and other staff have reportedly been unable to even access their company emails, meaning little comment from the operator so far.
“Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems,” said MGM Resorts International in a statement on X.
“Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”
Extent of the Impact
The outage has not only affected MGM’s famous Nevada brick & mortar casinos in Las Vegas, such as Aria, Bellagio, Luxor, MGM Grand, and Mandalay Bay. It also seems to have impacted all of MGM’s casino resorts across the U.S.
Reports indicate that all the websites and operations of several of MGM’s regional resorts, including MGM Springfield in Massachusetts, MGM National Harbor in Maryland, and the Empire City Casino in New York, have also seen problems.
MGM’s website said its resorts are still able to take future bookings, but only over the phone.
The exact nature of the cyberattack, the identity of the hackers, and whether any data was exfiltrated from MGM’s systems remain undisclosed. As does the time line for reinstatement of the systems.
The news comes at a bad time for the casino scene on the cyber security front. Last week market-leading cryptocurrency casino operator Stake.com saw $41 million in cryptocurrency funds stolen by a hacker that the FBI says was likely based in North Korea.
Cybersecurity Incidents Increasing
This isn’t the first time MGM Resorts has faced a cybersecurity challenge. In a previous incident in late 2020, personal information of more than 140 million MGM guests was shared on Telegram. The compromised data encompassed details like guests’ full names, postal addresses, email addresses, phone numbers, and dates of birth. However, it did not contain any financial information.
Either way, the repercussions of this latest cybersecurity incident for the operator could be immense. It has been felt in the stock market already, with MGM shares closing down by nearly 2.4% on Monday.
The incident underscores the vulnerabilities faced by major corporations in the digital age, and raises questions about their preparedness in the face of sophisticated cyber threats. Earlier this year, cyber security platform CloudFlare reiterated that U.S. companies were the biggest target for Distributed Denial of Service (DDoS) botnet attacks that can take websites out of action.
Even the Department of Homeland Security has warned about the potential risks to the U.S. hospitality sector.
“A large communications failure or intentional cyberattack could substantially disrupt payments and basic operations, compromise customer and company data privacy, threaten company integrity and reputation, and create large legal and economic burdens,” it said in 2015.
As one of the world’s largest gambling companies and the biggest in the U.S., MGM facing two major cyberattacks in the space of just three years is a concerning development.