UPDATED 19:40 EST / SEPTEMBER 11 2023

SECURITY

‘Cybersecurity issue’ disables computer systems at MGM Resorts

MGM Resorts International Inc., best known as an operator of casinos in Las Vegas, has been forced to shut down some casino and hotel systems following what the company described as a “cybersecurity issue.”

The incident began on Sunday local time and affected systems, including websites, online reservations, ATMs and credit card machines. The company owns hotels, casinos and resorts in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio, as well as Las Vegas.

Prominent MGM Resort locations in Las Vegas include the MGM Grand, Bellagio, Cosmopolitan, Aria, New York-New York, Park MGM, Excalibur, Luxor, Mandalay Bay and Delano. According to Bleeping Computer, the outages included slot machines and some guests reported that their room keys were not working.

In a statement on X (formerly Twitter), MGM Resorts described the problem as a cybersecurity issue affecting some of the company’s systems. The company claims they have hired external cybersecurity experts, informed law enforcement and shut down certain systems to protect data.

Although there is no confirmation as to the form of attack, the fact that MGM Resorts shut down certain systems points to one thing: a ransomware attack. A typical ransomware attack involves the code spreading across a network before encrypting data and demanding a ransom payment. The way to prevent ransomware from spreading across a network is to disable exposed parts of the network as soon as the ransomware is detected on internal systems, which is what MGM Resorts has done.

If it was ransomware, it wouldn’t be the first time ransomware operators have targeted hotel and resort owners. InterContinental Hotels Group PLC, the owner of hotel brands such as Holiday Inn, Crowne Plaza and Regent, was struck by a “cyberattack” in September 2022, which was later found to be an attempted ransomware attack. Hyatt Hotels Corp. suffered a similar attack in 2015.

The new “cybersecurity issue” faced by MGM Resorts is also not the first time the company has been compromised. A breach of the company’s systems in 2019 resulted in the sale of 142 million stolen customer records on the dark web in 2020, with the stolen records later publicly shared on Telegram in May 2022.

Photo: Zereshk/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU