MGM Hotel’s Cybersecurity Incident
MGM Resorts has reported grappling with “cybersecurity challenges” currently under investigation by the FBI. The gaming floors at MGM Resorts, the renowned casino operator, remained accessible online until the late hours of Monday. Regrettably, the company has refrained from issuing any subsequent updates concerning its reservation and room booking system, which had previously been taken offline.
As the final bell rang on Monday’s trading session, MGM’s stock prices witnessed a decline of nearly 2.4%. In response to the unfolding “cybersecurity challenges,” the company, via a social media declaration on Monday, announced the suspension of multiple computer systems, including their website, evidently in response to the incident.
The initial shutdown cast a broad shadow over virtually every facet of the casino operator’s operations. Reservation systems, booking platforms, electronic key card systems for hotels, and even the bustling casino floors appeared to fall victim to the apparent disruption.
In light of the cybersecurity incident, the company proceeded to temporarily suspend its email systems, which, as of now, have yet to be reinstated.
The company conveyed that, come Monday evening, their gaming floors—table games notwithstanding—were once again accessible. However, the reservation system, the backbone of thousands of hotel room bookings, and the booking system orchestrating reservations for their dining establishments, remained conspicuously offline, even a full day after the incident initially surfaced.
MGM Resorts presides over a multitude of hotel rooms in Las Vegas and across the United States. SEC filings divulge that revenue stemming directly from their Las Vegas hotel rooms eclipses that generated by their casino endeavors. A June 30 disclosure revealed that Las Vegas room revenue reached a staggering $706.7 million for the preceding three months, outstripping the $492.2 million in casino revenue during the same period.
Taking to Twitter, MGM Resorts announced, “We have initiated a comprehensive investigation, enlisting the expertise of reputable external cybersecurity specialists, as previously mentioned on our Twitter feed. We have also apprised law enforcement agencies and undertaken immediate measures to safeguard our systems and data, necessitating the shutdown of select systems.”
The FBI acknowledged its awareness of the “ongoing” incident but refrained from disclosing further particulars.
At the close of trading on Monday, MGM Resorts’ stock prices had dwindled by approximately 2.4%.
In lieu of its regular website, MGM Resorts has introduced a landing page, advising patrons to establish direct contact with their properties or casinos via telephone. The precise inception of this shutdown remains shrouded in ambiguity, though anecdotal reports on social media suggest that MGM’s systems succumbed to disruption on Sunday night.
It is worth noting that the company has experienced prior encounters with cybersecurity issues. In 2020, the personal information of over 10 million MGM visitors was exposed on a hacking forum. At that juncture, the company attributed the breach to an incursion that transpired in the summer of 2019.
Regarding the government’s response, beyond the FBI’s involvement, specifics remain elusive. Notably, the government has designated “critical infrastructure sectors,” encompassing gaming and hospitality, as fundamental pillars since 2003.
The Department of Homeland Security issued a warning in 2015 that “a significant breakdown in communication or a deliberate cyberattack can cause substantial disruptions in operations, compromise the confidentiality of customer and corporate data, endanger the integrity and reputation of the company, and give rise to formidable legal and financial burdens.