MGM Resorts takes systems offline following cyberattack
MGM Resorts has shut down some of its online systems after discovering a cyberattack on Monday afternoon.
The company did not respond to requests for comment but several sources said slot machines and ATMs at the company’s casinos in Las Vegas were not functioning.
The company’s website is down, with a temporary page providing customers with phone numbers for offices in Detroit, Las Vegas, New York and other cities.
“MGM Resorts recently identified a cybersecurity issue affecting some of the Company's systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts,” the company said in a statement on Twitter.
“We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”
— MGM Resorts (@MGMResortsIntl) September 11, 2023
Local news outlets in Las Vegas reported that computer systems at hotels owned by MGM — including the Bellagio Hotel — were also down and were unable to accept credit cards. Guests at hotels outside of Las Vegas took to social media to report similar issues.
This is not the first time MGM has dealt with a hacking incident. The company’s online sports betting company BetMGM reported a breach in December that involved the names, Social Security numbers and financial information of an unknown number of customers.
In 2020, the personal information of 10.6 million users who stayed at MGM Resorts was leaked to a hacking forum.
Hotels and casinos have long been a ripe target for hackers due to the troves of financial information they hold on customers.
There are even state-sponsored cyber-espionage groups like DarkHotel, APT28, and the Rana Group that specialize in cyberattacks targeting hotels and across the world.
One group, nicknamed “FamousSparrow,” was implicated in attacks on hotels in France, Lithuania, the U.K., Israel, Saudi Arabia, Brazil, Canada, Guatemala, Taiwan and Burkina Faso.
Marriott said last year that hackers tried to extort the company after 20 gigabytes of employee and customer data were stolen from BWI Airport Marriott in Baltimore. Marriott has faced multiple breaches over the last 10 years.
The most notable was a 2014 breach involving the personal information of 500 million hotel guests. The company is in the midst of one of the largest class-action lawsuits ever related to the breach.
Meliá Hotels International, one of the largest hotel chains in the world, was crippled by a cyberattack in 2021.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.