On September 10, MGM Resorts in Las Vegas was struck with a “cyber security incident” that led to the malfunction of elevators, any payment type in the resort, the MGM app, phones, and all slot machines.
After noticing the repeating errors across the resort, on September 11, MGM was forced to proceed with the shutdown of their digital systems. The attack forced the Company to shut down network systems, debilitating hotel and gambling operations at more than a dozen MGM resorts on the Vegas Strip and several others in the US. In addition to the shutdown, it was posted on the official X account that “MGM Resorts recently identified a cyber security issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems.” Ensuring that the MGM Resort is working diligently to correct the situation and restore functionality to their resort hotels.
In the meantime, guests are shocked by blue screens affiliated with “out of order” messages on every machine in the casino, along with TVs and ATMs showing a lost connection. Unable to cancel reservations or call any resorts, guests are furious.
Following the 11th, about ten hours later, MGM sent another message out via X announcing, “As an update to our previous statement, our resorts, including dining, entertainment, and gaming, are currently operational and continue to deliver the experiences for with MGM is known. Our guests can access their hotel rooms, and our Front Desk staff is ready to assist our guests as needed. We appreciate your patience.
Guests responding to this announcement are filled with rage. Reportedly, hour-long lines for small payments at slots and check-in only worsen the outbreak for their guests.
September 12, the second day of the attack. Matters are in the same state; all digital devices are shut down and not operating. MGM Resorts has not posted a follow-up. However, VX-Underground, a group of researchers that collect malware and code on the internet, posted about the MGM cyber attack, saying that the only thing the hacker had to do was call an employee for ten minutes. Here is the post: “All ALPHV ransomware group did to compromise MGM resorts was hop on Linkedin, find an employee, then call the help desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”. The hacking group Scattered Spider claims to be behind the cyberattack. This group was previously known to target video game makers and telecom companies. When a Scattered Spider representative questioned why they switched to casinos, they said they don’t have set target companies but simply, “If you have money, we want it.”
On September 14, MGM Resorts’ X page announced, “We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly. We couldn’t do this without the thousands of incredible employees committed to guest service and support from our loyal customers. Thank you for your continued patience.”
Guests can cancel reservations through September 24, 2023; if you were already charged, it will be reversed. Guests could use the resort app to book, and all change and cancellation fees would be waived.
Five days after the initial attack, MGM is still working to resolve issues, along with another resort, Caesar Entertainment, a company that paid millions to get data back, which was also cyberattacked. Bloomberg News reported that the same ransomware is also responsible for the shutdown of both facilities. There was a rumor that the same group, Scattered Spider, was responsible for the attack on Caesars, but they have since denied it.
Finally, on September 22, the resort announced that all its hotels and gaming resorts were operating normally after the cyber attack ten days before shutting their operations down. All resort services, dining, entertainment, and gaming floors, including slot machines, websites, rewards apps, ATMs, and digital guest keys, were announced to be back up and running.
However, even with the MGM resort being fully operational, the damage has been done, and it could lead to a substantial financial loss for the Company, including the foreseeable class action lawsuits that are sure to be forthcoming for what can be seen as a failure to protect private information. That goes along with the somewhat tarnished reputation after social media posts gave outsiders a clue about what guests and employees were dealing with on-site at the resort. The long lines, the lack of games, the ATM’s standing silent, and a rumor that it wouldn’t even be able to make payroll for its employees.
The resort, so far, has not provided any information to the public about what was compromised during the attack or how much sensitive information was stolen. But the resort does look to be moving forward, albeit at a considerable cost, in revamping its entire IT system in the wake of the attack.