MGM Resorts International Faces Significant Cybersecurity Challenge Affecting Multiple Locations
MGM Resorts International, a prominent player in the hospitality, gaming, and entertainment industry, disclosed a noteworthy “cybersecurity issue” on Monday, which has cast uncertainty over its operations nationwide. The far-reaching consequences of this security breach have reverberated through the company’s properties in several states, including Las Vegas, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.
As of late Monday, the impact of this incident on MGM Resorts remains profound. The company grappled with service disruptions, evidenced by several of its websites experiencing downtime. Consequently, MGM Resorts encouraged its patrons to secure reservations and book accommodations via telephone.
Brian Ahern, the company’s spokesperson, admitted that the full extent of the damage to reservation systems and casino floors at various locations, particularly in Las Vegas, where the company’s headquarters reside, is still unknown. MGM Resorts is committed to addressing the situation diligently, assuring the public that its casino gaming operations remain functional despite the ongoing challenges. In an official statement released on Monday evening, the company emphasized its commitment to resolving the issue.
Earlier in the day, MGM Resorts acknowledged that the incident had affected “some of the company’s systems” and promptly alerted law enforcement agencies. In an effort to safeguard sensitive data, certain MGM systems were temporarily disabled. Furthermore, the company initiated an internal investigation in collaboration with leading external cybersecurity experts.
Notably, neither the FBI in Las Vegas nor the Nevada Gaming Control Board had responded to requests for comment at the time of this report.
MGM Resorts boasts a portfolio of 19 properties across the United States, including some of the most renowned resorts in Las Vegas, such as the Bellagio, Mandalay Bay, and the Cosmopolitan, in addition to properties overseas, notably in China.
This incident comes on the heels of Nevada’s gaming board’s approval of stricter cybersecurity measures late last year, mandating a three-day reporting window for any online system breaches. In a similar vein, the Securities and Exchange Commission (SEC) adopted a rule for large, publicly traded companies in July, requiring them to report significant breaches within four business days, with the rule scheduled to take effect in December. SEC Chair Gary Gensler emphasized the importance of promptly disclosing such incidents to investors.
Barry Lieberman, attorney for the South Point Hotel and Casino, expressed reservations about some of the proposed cybersecurity measures, citing the prevalence of cybersecurity insurance among licensees. These insurers typically compel licensees to take necessary precautions to mitigate cyber threats.
According to Josh Heller, the manager of information security engineering at Digi International, modern cyberattacks can rapidly propagate within organizations through deceptive phishing emails, often leading employees to unknowingly disclose their passwords. He suggested that the implementation of artificial intelligence could offer an efficient and cost-effective means for companies to detect breaches and contain their impact.
Efforts to seek further clarification from an MGM Resorts spokesperson on Monday went unanswered, leaving stakeholders and the public awaiting updates on the evolving situation.
Source NBC news