MGM Customers reported issues with accessing hotel rooms and gambling machines, and business websites were unavailable. Cybersecurity professionals predict a cyberattack.
MGM Resorts International did not disclose the extent of disruptions caused by the cybersecurity problems on Monday. The company said it had reported the matter to law enforcement.
MGM Resorts International, a chain of casinos and hotels, reported on Monday that a “cybersecurity issue” was hurting some of its internet systems and disrupting service for patrons, particularly in Las Vegas, where cybersecurity experts claimed the corporation was probably the target of a widespread cyberattack.
MGM Resorts claimed that law authorities had been alerted, but did not provide further information on the disturbances or say when the problem started or was discovered. The business claimed in a statement that it had “promptly taken action to protect our systems and data, including shutting down certain systems.”
MGM Resorts stated on social media that “our investigation is ongoing and we are diligently working to determine the nature and scope of the matter.”
The company showed some indications of problems, but it did not reply to emails for feedback. In comments posted on a Facebook group, customers said that the company’s website was down Monday evening and that access to hotel rooms at its resorts was problematic.
A number of hotel gambling machines had gone offline, according to KTNV 13, a Las Vegas TV station, and numerous visitors were unable to make bookings, charge anything to their rooms, or use their digital room keys.
The resorts at MGM Resorts “continue to deliver the experiences for which MGM is known,” including its dining, entertainment, and gaming options, according to a statement released late on Monday night.
How many people had been impacted by the cybersecurity issues remained unclear. Mandalay Bay, Aria, the Bellagio, and MGM Grand Las Vegas are just a few of the well-known casino and hotel properties owned by MGM, which has thousands of hotel rooms in Las Vegas.
A “cybersecurity issue” often denotes an individual or group attacking the company’s network, according to Greg Moody, an associate professor of information systems and cybersecurity at the University of Nevada, Las Vegas, who made this statement on Monday.
Dr. Moody, who has collaborated with the corporation and members of its tech team on various projects, speculated that in the instance of MGM, the attacker or attackers may have “found some gap in their armor” and utilized it to knock down the company’s systems.
He claimed that hackers frequently carry out such operations in order to get money. Attackers typically steal data from a firm and keep it hostage until the company agrees to pay a ransom for its release. Attackers will also resell the data they have obtained on a dark web market where buyers are looking for information like names, numbers, or addresses that can be used to commit identity theft.
MGM is a target since it is a sizable organization with a huge amount of data, according to Dr. Moody.
Large corporations are frequently targets of cyberattacks, according to Arthur Salmon, a professor of computing and information technology at the College of Southern Nevada and the program’s director for cybersecurity.
The increased urgency to return systems back to normal, however, makes three industries common targets of such attacks, according to Dr. Salmon. They are: utility firms, given that customer complaints frequently make the news; hospitals, given that disruptions pose a risk to patients; and casinos, given that customer data breaches could damage their brand.
Dr. Salmon stated that the security team had to be entirely accurate. “And the threats are continuously evolving, expanding, and becoming more complex. Just one time must be correct for the attacker.
According to University of Nevada, Las Vegas professor of network security Yoohwan Kim, thieves will occasionally steal data from a large, financially secure organization, demand a ransom for the key to unlock their systems, and then wait for the company to pay.
According to Dr. Salmon, ransom payments can range, but for larger businesses, they are typically in the low hundreds of thousands or low millions.
It may take months or years to recover after a significant cybersecurity attack, according to experts.
A petroleum pipeline, hospitals, and grocery chains all experienced operations disruption due to recent cyberattacks, which also may have compromised some intelligence organizations. A data breach that allegedly affected 10.6 million individuals happened to MGM in 2019.