MGM Resorts, a prominent hotel and casino chain, has publicly confirmed the existence of a "cybersecurity issue" responsible for a sustained system outage across its Las Vegas properties. This revelation, made in a statement posted on social media, signals that the company is facing a significant and potentially far-reaching cyber incident.
In their statement, MGM Resorts stated, "Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter."
Guests and patrons at MGM's Las Vegas establishments have reported disruptions related to this outage. These include malfunctioning ATM cash dispensers, inoperable slot machines, and difficulties with digital room keys. Furthermore, hotel restaurants have been constrained to accept cash-only payments. Guests have also encountered issues with charging expenses to their rooms.
MGM Resorts' website has also been affected, and a notice on the site confirms that the incident extends to all of its Las Vegas resorts, encompassing well-known establishments like Aria, the Bellagio, Luxor, MGM Grand, and Mandalay Bay. As a result of the disruption, guests have been encouraged to make reservations and communicate with concierge services via telephone.
What is especially concerning about this incident is its apparent scope. A source familiar with the situation has indicated that not only the Las Vegas properties but also all of MGM's other establishments seem to be affected. Several regional resort websites, including those of MGM Springfield in Massachusetts, MGM National Harbor, and the Empire City Casino in New York, were offline at the time of reporting.
As with many cyber incidents, there are several lingering questions. The nature of the cyberattack remains undisclosed, leaving us uncertain about whether data has been exfiltrated from MGM's systems. Furthermore, the timeline for restoring normalcy to MGM's computer systems remains undisclosed, which adds to the overall uncertainty.
In response to inquiries from media outlets, an MGM spokesperson has yet to provide further details about the situation, and it's unclear whether MGM employees currently have access to corporate email systems.
This is not the first time MGM Resorts has faced a significant cybersecurity incident. In the past year, the company experienced a major data breach that impacted more than 140 million guests. During this breach, the personal information of guests was disseminated on the messaging platform Telegram. The stolen data included sensitive details such as guests' full names, postal addresses, email addresses, phone numbers, dates of birth, and, in some cases, passport and driver's license numbers.
As this latest incident unfolds, MGM Resorts is facing increased scrutiny regarding its cybersecurity posture, and stakeholders will be closely watching how the situation develops and how the company responds to this emerging challenge.