MGM Resorts International, a prominent casino and hotel chain, recently encountered a significant cybersecurity issue that disrupted its online systems, particularly affecting its operations in Las Vegas. While the company did not provide detailed specifics regarding the incident’s origins or timeline, it acknowledged that law enforcement had been alerted and that prompt measures had been taken to safeguard their systems and data.
Nature of the Disruption:
MGM Resorts International faced disruptions that had ramifications for its customers and services. The company’s website went offline, and reports from Facebook users indicated problems with slot machines, access to hotel rooms, and utilizing digital room keys. KTNV 13, a Las Vegas TV station, reported multiple gambling machines going offline and guests unable to make reservations or charge expenses to their rooms.
Response and Investigation (MGM Resorts):
In response to the cybersecurity issue, MGM Resorts International issued a statement expressing its commitment to ongoing investigations to ascertain the incident’s nature and scope. The company emphasized its dedication to providing its renowned dining, entertainment, and gaming experiences to guests, assuring that hotel rooms remained accessible, and front desk staff was available to assist guests during this challenging period.
Potential Impact and Scope:
The full extent of the disruption’s impact remains uncertain. MGM Resorts International boasts thousands of hotel rooms in Las Vegas across renowned properties like Mandalay Bay, Aria, the Bellagio, and MGM Grand Las Vegas. The incident has raised concerns among cybersecurity experts, who believe the company might have fallen victim to a pervasive cyberattack.
Dr. Greg Moody, an associate professor of information systems and cybersecurity at the University of Nevada, Las Vegas, suggested that a “cybersecurity issue” typically indicates an attack on the company’s network. In this case, the attacker(s) may have exploited vulnerabilities in MGM’s security measures to compromise its systems. Such cyberattacks are often motivated by financial gain, involving data theft and ransom demands.
Dr. Arthur Salmon, a professor of computing and information technology at the College of Southern Nevada, emphasized that large businesses, including casinos, are common targets due to the potential reputational harm resulting from data breaches. Security breaches can have significant consequences for customer privacy, making them lucrative targets for cybercriminals.
Yoohwan Kim, a professor of network security at the University of Nevada, Las Vegas, highlighted a common tactic employed by attackers. They may steal data from a financially secure company, demand a ransom for decryption keys, and wait for payment. Ransom amounts can range from hundreds of thousands to low millions for larger companies.
Recovering from a widespread cybersecurity attack can be a prolonged and arduous process, often taking months or even years to fully mitigate the damage. Cyberattacks can disrupt operations, compromise sensitive data, and erode customer trust, requiring comprehensive efforts to restore normalcy and security.
This incident is part of a broader trend of cyberattacks targeting organizations worldwide. Recent notable attacks have impacted critical infrastructure like a gasoline pipeline, hospitals, and grocery chains and IT industry. Intelligence agencies have also faced potential compromises. MGM Resorts International itself experienced a data breach in 2019, affecting approximately 10.6 million individuals.
MGM Resorts International’s encounter with a significant cybersecurity issue highlights the persistent and evolving threat posed by cyberattacks. Large businesses, particularly in industries like casinos, face constant pressure to maintain security, given the severe consequences of data breaches. As the investigation into this incident continues, MGM Resorts remains committed to serving its guests while diligently addressing the cybersecurity challenges it faces. The incident serves as a reminder of the importance of robust cybersecurity measures in an increasingly interconnected and digital world.