On Monday, MGM told on a social media post that due to a cybersecurity issue, the resort’s official websites and multiple computer systems of the casino were turned off.
In the early stages, shutdown affects almost every part of the casino operator’s business. The disruption affected the booking system, casino floors, reservation system, and hotel electronic key cards. Due to cybersecurity issues, the MGM email system was also turned off and still has not returned online.
On Monday evening, the company said their casino floor was back online. But the booking system that handles reservations for their restaurant and the reservation system that powers their thousands of hotel rooms are still down, It is almost one day after the initial reports of the incident started to spread.
There are several hotel rooms in Las Vegas and America handled by MGM. According to SEC filings, income from their hotel rooms in Las Vegas is more than the revenue from their casino operations. According to a company report, revenue for the quarter ended June 30, Las Vegas rooms earned $706.7 million, and casino revenue was $492.2 million for the same time.
MGM said in a post on X, the new name of Twitter, “We quickly start an investigation with assistance from leading external cybersecurity experts.” Moreover, they posted that they also informed the police and took quick action to save our data and system, and turned off some systems.
— MGM Resorts (@MGMResortsIntl) September 11, 2023
The FBI verified that they knew of the continuing incident but did not give any information. On Monday, MCG shares ended at nearly 2.4%.
MGM changed its website by creating a landing page that suggests that customers contact their casino or hotel directly via phone. It was unclear when the disconnection started, but some people on social media said that MCG’s system was shut down on Saturday night.
MCG also had cybersecurity issues in the past. In 2020, more than 10 million MGM visitors’ details were revealed on a hacking platform. The company said at the time the information was drop-out in the summer of 2019.
Beyond the FBI’s involvement, the scope of the government’s answer needed to be clarified. In 2003, the government officially classified the “commercial facilities sector,” which includes gaming and accommodation, as vital infrastructure.
In July, SEC Chair Gary Gensler said in a statement that such catastrophes can significantly impact investors if a company suffers a factory fire or a cybersecurity incident that results in the loss of millions of data.
Barry Lieberman’s Reports About MGM
Barry Lieberman, South Point Hotel and Casino attorney said in a letter to the Nevada board that some of its actions, yet to be acted at the time, were unnecessary.
In a letter to the board executive secretary, he further said that almost all licensees have cybersecurity insurance. Those insurance companies require the licensees to take the steps necessary to prevent cyber attacks.
The manager of information security engineering at the wireless technology company Digi International, Josh Heller, said current cyberattacks can quickly spread throughout companies via single, official-looking emails that encourage employees to enter their passwords. Moreover, he said a single email opened on the associate network could grow like wildfire.
Josh Heller advised artificial intelligence (AI) may provide businesses with a quick, low-cost solution to warn managers of breaches and “isolate the impact.”