Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
MGM Resorts International confirmed that a cyber incident has disrupted several of its critical systems, affecting its main website, online reservations, and in-casino services, including ATMs, slot machines, and credit card machines.
The company revealed this via a statement on its X profile page. After detecting the issues, MGM Resorts initiated an investigation and took immediate action to protect its systems and data, which included shutting down certain systems.
— MGM Resorts (@MGMResortsIntl) September 11, 2023
What Happened?
The incident started on Sunday night (10th of September), resulting in the current unavailability of computer systems at the resorts. Reports online suggest that the company has resorted to manual operations, with disruptions to ATMs and credit card machines on their properties.
Additionally, the main MGM Resorts website is currently inaccessible, redirecting customers to make hotel reservations via phone for any of their destinations.
MGM Resorts Website Message for Customers (Source)
Customers enrolled in MGM Rewards programs are also affected, with instructions to contact a Member Services number during specific hours.
All MGM websites using the same domain name as the primary site (mgmresorts.com) have been offline for an extended period. This includes websites for properties like MGM National Harbor, Empire City Casino, MGM Springfield, MGM Grand Detroit, Beau Rivage, and The Borgata.
According to FOX5 reports, some guests have experienced issues with their room keys not functioning. Local Las Vegas media outlet Vital Vegas has reported that slot machines are displaying a “temporarily unavailable” message and are not operational.
It’s affecting everything. MGM is scrod. https://t.co/zqURIKkfC4 pic.twitter.com/jGqlVWxNHI
— Vital Vegas (@VitalVegas) September 11, 2023
As of now, the exact nature and purpose of the cyberattack remain undisclosed. The FBI confirmed that it was aware of the “ongoing” incident but provided no further details.
MGM Resorts’ stock price dropped 1.62% on September 12th .
Not the First Major Cyber Incident
This marks the second cybersecurity incident confirmed by MGM Resorts since 2019 when one of the company’s cloud services experienced a breach, resulting in the theft of over 10 million customer records, explains Bleeping Computer.
This breach was publicly acknowledged in 2020 after a dataset containing stolen information, including guest names, birthdates, email addresses, phone numbers, and physical addresses, was shared on a hacker forum.
According to ZDNet, the database contained information on high-profile guests such as former Twitter CEO Jack Dorsey, pop star Justin Bieber, and officials from the United States Department of Homeland Security and the Transportation Security Administration.
When personal information is made public, the most immediate risk is getting targeted phishing messages that could help cybercriminals commit fraud.
In Las Vegas, the company operates tens of thousands of hotel rooms at its flagship MGM Grand as well as properties such as Bellagio, Aria, New York-New York, and Mandalay Bay. It also has properties in China and Macau.
If you want to learn more about creating a strong cybersecurity strategy, check out this article: How to Create a Successful Cybersecurity Strategy.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
