‘Cybersecurity issue’ forces systems at MGM hotels and casinos to shut down

MGM Resorts did not share specific information on the disruptions or disclose when the problem began or when it was discovered but said law enforcement had been notified. In a statement, the company said it had “taken immediate action to protect our systems and data, including shutting down some systems.”

A cybersecurity issue forces systems at MGM hotels

“Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.” Posted by MGM Resorts On social media.

There were few signs of disruption for the company, which did not respond to an email seeking comment. Its website was down on Monday evening, and comments posted by users of the Facebook group said slot machines were not working and there were problems accessing hotel rooms at the company’s resorts.

KTNV 13, a TV station in Las Vegas, informed that many gambling machines in hotels went offline and many guests were unable to charge anything in their rooms, make reservations, or use their digital room keys.

It is unclear how many people have been affected by the cybersecurity disruptions. MGM is a major casino and hotel company with thousands of hotel rooms in Las Vegas, including Mandalay Bay, Aria, Bellagio, and MGM Grand Las Vegas.

Greg Moody, associate professor of information systems and cybersecurity at the University of Nevada, Las Vegas, said Monday that a “cybersecurity issue” typically means an individual or group has attacked a company’s network.

In the case of MGM, the attacker or attackers “may have found some gap in their armor” and used it to destroy the company’s systems, said Dr. Moody, who has worked on several projects with the company and members of its technical team. Have worked on.

Such attacks are usually launched by hackers looking to make profits, he said. Attackers typically steal a company’s data and hold it hostage until the company pays a price to return it. Attackers will also sell stolen data on an underground online marketplace, where buyers look for data containing information that could enable identity theft, such as names, numbers, or addresses.

MGM is a large company with a huge data set, so it is a target, Dr. Moody said.

Arthur Salmon, a professor of computing and information technology at the College of Southern Nevada, where he is also the director of its cybersecurity program, said Monday that large businesses are common victims of cyberattacks.

However, three industries are often the targets of such attacks because of the added pressure to get systems back to normal, Dr. Salmon said. They are: utility companies, because customer complaints often make news; hospitals, because of the risk to patients caused by disruption; and casinos, as data breaches of customers’ personal information can have a reputational impact.

“Their security team has to be on point 100 percent of the time,” Dr. Salmon said. “And threats are always growing, always adapting, and always becoming more complex. “The attacker just has to be right once.”

Yohwan Kim, a professor of network security at the University of Nevada, Las Vegas, said attackers will sometimes steal data from a large and financially secure company, demand a ransom for a key to decrypt its system, and then take over the company. I will wait for K to do so. Salary.

Dr. Salmon said the ransom amount can vary, but for larger companies, it is usually in the hundreds of thousands or at least millions.

Experts say it could take months or years to recover from a widespread cyber security attack.

Recent cyber attacks around the world have reduced the operations of gasoline pipelines, hospitals, and grocery chains and have potentially compromised some intelligence agencies. MGM was a victim of a data breach in 2019. It was said that this would affect approximately 10.6 million people.