MGM Resorts has reported a Cyber Security issue that could potentially have a broad and significant impact

MGM Resorts has reported a Cyber Security issue that could potentially have a broad and significant impact

MGM Resorts International has reported a “cybersecurity issue” on Monday that may have impacted its various hospitality, gaming, and entertainment properties across the United States. Some of the company’s websites experienced outages late on Monday, prompting them to advise customers to make room bookings and reservations by phone.

The full extent of the issue’s impact on reservation systems and casino operations, particularly in Las Vegas where the company is headquartered, as well as in other states like Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio, remains unclear, according to spokesperson Brian Ahern.

In a statement issued on Monday evening, MGM Resorts stated that the issue was still ongoing, but their casino gaming floors remained operational. They emphasized their dedication to resolving the problem. Earlier in the day, the company disclosed that the issue had affected “some of the company’s systems” and that they had notified law enforcement.

As a precaution, some of MGM’s systems were shut down to safeguard data, and the company initiated an internal investigation with the assistance of “leading external cybersecurity experts.”

Both the FBI in Las Vegas and the Nevada Gaming Control Board did not respond to requests for comment regarding the situation.

MGM Resorts operates 19 properties in the United States, including renowned resorts such as the Bellagio, Mandalay Bay, and the Cosmopolitan in Las Vegas, in addition to properties in China.

Late last year, Nevada’s gaming board enacted more stringent cybersecurity measures, including a requirement to report online system breaches within a three-day window.

MGM Resorts has reported a Cyber Security issue

The company has experienced cybersecurity incidents in the past. In 2020, the personal information of over 10 million MGM visitors was exposed on a hacking forum. MGM disclosed that this data had been illicitly obtained during the summer of 2019.

The extent of the government’s response, aside from the involvement of the FBI, was not immediately clear. The government classified the “commercial facilities sector,” which includes gaming and lodging, as critical infrastructure in 2003.

In a sector-specific plan from 2015, the Department of Homeland Security issued a warning, stating, “A significant breakdown in communications or a deliberate cyberattack could severely disrupt financial transactions and essential operations, compromise the privacy of customer and company data, jeopardize the company’s integrity and reputation, and result in substantial legal and economic burdens.”

In July, the Securities and Exchange Commission (SEC) implemented a similar rule for large publicly traded companies, mandating the reporting of significant breaches within four business days. However, this requirement will not take effect until December.

“Whether a company experiences a factory fire or loses millions of files in a cybersecurity incident, it can have a significant impact on investors,” stated SEC Chair Gary Gensler in a July statement.

Barry Lieberman, attorney for South Point Hotel and Casino, expressed in a letter to the Nevada board that some of the measures, which were not yet implemented at the time, might not be necessary. He noted, “Almost all licensees have cybersecurity insurance, and those insurance companies require the licensees to take necessary steps to prevent cyber attacks.”

Josh Heller, the manager of information security engineering at the wireless technology company Digi International, pointed out that modern cyberattacks can swiftly propagate through organizations via seemingly legitimate emails that trick employees into revealing their passwords. He emphasized that a simple phishing email, when opened on the corporate network, could spread rapidly.

Heller proposed that artificial intelligence could offer companies a rapid and cost-effective means of detecting breaches and isolating their impact.

On Monday, there were unanswered follow-up questions for an MGM Resorts spokesperson. CNBC.

Leave a comment