MGM Resorts Bounces Back After 10-Day Cyberattack Shutdown

Date: 2023-09-24 Author: Dima Zakharov Categories: CASINO, EVENTS
news-banner
LAS VEGAS (AP) — MGM Resorts successfully restored its computer systems after a 10-day shutdown due to a cyberattack aimed at safeguarding sensitive data like hotel reservations and credit card processing. The Las Vegas-based casino giant reported the attack's detection on September 10, leaving analysts and experts scrutinizing the fallout.

"We are delighted to announce that all our hotels and casinos are operating as usual," the company shared on X, the platform formerly known as Twitter.

In a related incident, Caesars Entertainment, another prominent casino owner, revealed to federal regulators last week that it had also fallen victim to a cyberattack on September 7. While its casino and online operations remained unaffected, Caesars couldn't guarantee the safety of personal information belonging to tens of millions of customers, including driver's licenses and Social Security numbers of loyalty rewards members. It's reported that Caesars paid a $15 million ransom out of a $30 million demand from a group called Scattered Spider in exchange for data security.

The full extent of the MGM breach, including the nature of compromised information and the financial toll on the company, has not been disclosed. Estimates suggest the computer shutdown cost MGM Resorts up to $8 million daily, possibly totaling $80 million. However, it's essential to note that MGM Resorts reports annual revenues exceeding $14 billion, averaging at least $270 million per week.

MGM Resorts reported that essential services such as resort amenities, dining, entertainment, pools, and spas were back in operation. Their website and app resumed accepting dining and spa reservations while work continues on restoring hotel bookings and loyalty reward functions.

MGM Resorts spokesman Brian Ahern assured that "MGM Resorts properties in Las Vegas and throughout the country are back to normal operations." MGM also maintains properties in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.

The FBI declined to comment, referring to an ongoing investigation. Experts argue that the attacks exposed significant cybersecurity vulnerabilities at MGM and Caesars, dispelling the notion of casino invincibility.

Christopher Budd, a director of threat research at cybersecurity firm Sophos X-Ops, emphasized the importance of heightened cybersecurity measures for all casinos, given the recent attacks. He noted, "There's been attacks against multiple casinos, and it's possible we'll see more."

Caesars Entertainment, with over 65 million rewards members and properties in 18 states and Canada, holds the title of the world's largest casino owner. MGM Resorts, on the other hand, is Nevada's largest private employer, operating tens of thousands of hotel rooms in Las Vegas and various properties across the United States and abroad, including China and Macau, employing 75,000 people.

Both companies are expected to disclose the impacts of the attacks in their quarterly reports to the Securities and Exchange Commission next month.

The MGM attack has been attributed to Scattered Spider, a group of English speakers also known as Øktapus, operating under the Russia-based ALPHV or BlackCat.

Lisa Plaggemier, executive director at the nonprofit National Cybersecurity Alliance, praised MGM's decision to shut down vulnerable systems as a positive step but stressed the urgent need for substantial investment in employee training and cybersecurity to address significant security gaps. The risk, she said, lies in "downtime and financial losses."

Moody, the director of the cybersecurity program at the University of Nevada, Las Vegas, highlighted the inevitability of attacks, stating, "It is not a matter of if you get attacked, but when you get attacked." He emphasized that even well-prepared and technically advanced companies are not immune to threats, as "defense cannot win 100% of the time."
image

Leave Your Comments