MGM Resorts casinos in Las Vegas and beyond are in the throes of a “cybersecurity issue affecting some of the company’s systems.” Which would probably qualify as the understatement of the year.
The “cybersecurity issue” has resulted in a massive cluster, with guests unable to use the digital card keys for their rooms, having to pay cash at casino venues (as credit card systems are unavailable), along with a slew of other headaches, including slot machines, ATMs and the company’s Web site being taken down. Company employees don’t have access to e-mail.
In other words, MGM Resorts is royally scrod.
We were the first media outlet to share that something was afoot at MGM Resorts, on Sunday, Sep. 10, 2023 at 7:51 p.m.
Report of systemwide outage at Bellagio, possibly other MGM Resorts—cash payments only at restaurants, no room charges or credit cards, digital room keys don’t work. pic.twitter.com/EZnVzBbOIH
— Vital Vegas (@VitalVegas) September 11, 2023
Overnight, other incidents were reported, and it became clear MGM Resorts was in full security lockdown mode. This is standard operating procedure when there’s a security breach, to avoid the issue getting worse.
Although, it’s hard to imagine how things could worse, unless it’s all a diversion so the “Ocean’s Eleven” guys can pull a heist.
This is actually good news, because it means those systems weren’t necessarily compromised, they were taken offline as a precautionary measure. (This helps a lot with the process of getting everything back up and running once the issue is resolved.)
Loyalty club databases are the typical target in such attacks.
Here’s the official statement from MGM.
— MGM Resorts (@MGMResortsIntl) September 11, 2023
In case you can’t see Tweets for some reason, the statement says, “MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”
You know it’s bad when they don’t even know the “nature and scope of the matter.”
We’re fairly confident the scope of the matter is disastrous and the nature of it is a ransomware attack.
These attacks aren’t uncommon at Las Vegas casinos. They don’t get reported, but we understand a number of casinos have paid ransoms to get their data or systems back.
We were also the first to share that Caesars Entertainment may have been hit with a similar attack last week, although it was never reported at the time.
Related: There are rumblings Caesars Ent. casinos were hit last week, kept under wraps. https://t.co/CWRLRYbFD9
— Vital Vegas (@VitalVegas) September 11, 2023
In the past, these public companies weren’t really obliged to share the fact they’d been attacked, or that they’d paid ransoms, often in the millions of dollars.
That changed recently when the SEC adopted new rules. Public companies now have to report cybersecurity incidents. Anticipate a flood of such reporting, as the number of incidents continues to increase.
It’s unfortunate MGM Resorts is dealing with this FUBAR situation, but it’s not the company’s first digital security debacle.
MGM Resorts had a massive data breach a few years ago. The company admitted to 10.7 million customer records being compromised. Our sources revealed the number was actually 200 million. Lawsuits are ongoing.
Far be it from us to make light of such a terrible situation, but we’re pretty sure this is all the fault of trees. Just a few days ago, the trees in front of Bellagio (operated by MGM Resorts) were chopped down. Murdered in cold sap. Then this happens. Coincidence?
MGM Resorts operates about half the major resorts on the Las Vegas Strip: Aria, Bellagio, Excalibur, Luxor, Mandalay Bay, MGM Grand, New York-New York and Cosmo.
Our sources say things seem fine at Cosmopolitan, probably because their system hasn’t been fully switched over to MGM Resorts. The loyalty club changes over Feb. 1, 2024.
It sounds like most, if not all, of the MGM Resorts-operated casinos in the U.S. have been hit, but Macau is fine. Technically, “Macao Special Administrative Region of the People’s Republic of China.” Don’t freak out. The last MGM Resorts data breach presumably originated in Iran (per our sources), but nobody’s pinned the current mess on anyone yet. China has better things to do with its time than muck with your Buffalo machine, like banning clothing that hurts their feelings and punishing those asshats who knocked down part of the Great Wall. Here’s a fun fact you didn’t know about Macau! The first known written record of the name “Macau” translates as “A Ma Gang.” This will win you a bar bet someday.
As for the current MGM Resorts train wreck, cybersecurity experts are on the case, according to MGM Resorts. Because they clearly did a great job last time.
If everyone could stop clicking on e-mail attachments, that’d be great.
The post MGM Resorts Receives Colossal Kick to the Nads in Companywide Cyberattack appeared first on Vital Vegas.