MGM Resorts says ‘cybersecurity issue’ may have widespread impact

MGM Resorts International disclosed a “cybersecurity incident” on Monday that may have impacted its various hospitality, gaming, and entertainment properties across the United States.

The incident could still be causing problems for the publicly traded company, as some of its websites experienced downtime late on Monday. MGM Resorts encouraged customers to make room reservations and booking requests via phone.

The extent of the impact on the reservation systems and casino operations remains uncertain. This uncertainty extends to Las Vegas, where the company is headquartered, as well as properties in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio, according to spokesperson Brian Ahern.

In a statement issued on Monday evening, the company acknowledged that the issue was ongoing but assured that its casino gaming floors remained operational. It stated, “We continue to work diligently to resolve this issue.” Earlier in the day, MGM Resorts noted that the incident affected “some of the company’s systems” and had been reported to law enforcement.

As a precaution, MGM took measures to shut down some of its systems to safeguard data. The company initiated an internal investigation with the assistance of prominent external cybersecurity experts.

More News:

1. Massive Rescue Operation in Libya: 10000 Missing Death Toll Surpasses 11000 in Flooded City

2. Austin FC Pays Tribute to Influential Latino Figures in Celebration of Hispanic Heritage Month

3. Embracing Hispanic Heritage Month 2023

4. The Roman Empire’s Surprising Popularity

5. A Glorious Epoch: A Brief History of the Roman Empire

Notably, the FBI in Las Vegas and the Nevada Gaming Control Board did not respond to requests for comment.

MGM Resorts boasts 19 properties in the United States, including renowned resorts like the Bellagio, Mandalay Bay, and the Cosmopolitan in Las Vegas, as well as properties in China.

Towards the end of the previous year, the Nevada Gaming Control Board had adopted more stringent cybersecurity measures, including a three-day window for reporting any online system breaches. In July, the Securities and Exchange Commission (SEC) implemented a similar rule for large, publicly traded companies. This rule mandates reporting a significant breach within four business days, although it would not take effect until December.

SEC Chair Gary Gensler emphasized the significance of timely reporting, stating, “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors.”

Barry Lieberman, an attorney at the South Point Hotel and Casino, expressed in a letter to the Nevada board that some of these measures, which were yet to be enforced at the time, were unnecessary. He noted that nearly all licensees had cybersecurity insurance, which required them to take necessary steps to prevent cyberattacks.

Josh Heller, the manager of information security engineering at Digi International, a wireless technology company, highlighted the rapid spread of contemporary cyberattacks within companies, often initiated through deceptive emails that prompt employees to enter their passwords. He suggested that artificial intelligence could offer a fast and relatively cost-effective means of alerting managers to breaches and isolating their impact.