MGM Resorts, the operator of casinos and lodging facilities, found itself compelled to halt numerous computer systems, including its website, in response to a critical “cybersecurity issue.” This revelation came via a social media announcement made by the company on Monday.
The initial shutdown cast a wide net, impacting nearly every facet of the casino operator’s operations. Reservation systems, booking platforms, hotel electronic key card systems, and the bustling casino floors all fell victim to the widespread disruption.
Furthermore, the company’s email systems succumbed to the cybersecurity threat and have yet to resurface online.
MGM Resorts stated that, as of Monday evening, their casino floors had been restored to full functionality. However, the reservation systems, which drive their expansive array of hotel rooms, and the booking system, responsible for restaurant reservations, remain stubbornly offline. This predicament persists more than a day after initial reports of the incident began circulating.
MGM oversees a vast network of hotel rooms spanning Las Vegas and the United States. Interestingly, the revenue derived from their Las Vegas hotel rooms eclipses that attributed directly to their casino operations, a fact corroborated by SEC filings. For the quarter ending June 30, the company reported a staggering $706.7 million in Las Vegas room revenue, compared to $492.2 million from casino operations during the same period.
In response to the situation, MGM declared, “We promptly launched an investigation with the guidance of leading external cybersecurity experts. Simultaneously, we apprised law enforcement and took swift measures to safeguard our systems and data, which included the shutdown of certain systems.”
While the FBI acknowledged awareness of the “ongoing” incident, they refrained from disclosing further details.
On Monday, MGM’s stocks saw a dip of nearly 2.4%.
MGM’s website, currently inaccessible, now features a landing page advising patrons to directly contact their respective hotels or casinos via phone. The precise commencement time of the outage remains unclear, although some social media users reported MGM’s systems experiencing disruptions as early as Sunday night.
This is not the first time the company has grappled with cybersecurity incidents. In 2020, personal information belonging to over 10 million MGM visitors surfaced on a hacking forum. The data breach occurred during the summer of 2019, according to the company’s statement at that time.
The extent of government intervention, beyond the FBI’s involvement, remains shrouded in uncertainty. It is worth noting that the government has designated the “commercial facilities sector,” encompassing gaming and lodging, as critical infrastructure since 2003.
In a 2015 sector-specific plan, the Department of Homeland Security underscored the potential ramifications, stating, “A significant communications breakdown or a deliberate cyberattack could profoundly disrupt financial transactions and essential operations, jeopardize customer and corporate data confidentiality, imperil company integrity and reputation, and give rise to substantial legal and economic burdens.