MGM Resorts Shuts Down Computer Systems in Response to Cybersecurity Issue
Las Vegas, Nevada – MGM Resorts International, the renowned casino and lodging operator, experienced a major setback after shutting down several computer systems, including its website, in response to a cybersecurity issue. The company made this announcement on Monday through a post on their social media.
The initial shutdown had a significant impact on almost every aspect of MGM’s business operations. Reservation systems, booking systems, hotel electronic key card systems, and even the casino floors were all affected. Additionally, the company’s email systems are still offline as a result of the incident.
Although the casino floors have been restored as of Monday evening, the reservation systems for thousands of hotel rooms and the booking system for their restaurants remain down. It has been over a day since the incident was first reported, and the systems are yet to be restored.
MGM Resorts operates numerous hotel rooms in Las Vegas and across the United States. Surprisingly, revenue from their hotel rooms in Las Vegas surpasses the revenue generated directly from their casino operations, as indicated in their SEC filings. For the quarter ending June 30, the company reported $706.7 million in Las Vegas rooms revenue compared to $492.2 million in casino revenue for the same period.
In response to the cybersecurity issue, MGM Resorts immediately initiated an investigation with the assistance of leading external cybersecurity experts. They also notified law enforcement and took prompt action to protect their systems and data by shutting down certain systems.
While the FBI confirmed their awareness of the “ongoing” incident, they did not provide further details. MGM’s shares closed down nearly 2.4% on Monday due to the incident.
As a result of the cybersecurity issue, MGM’s website has been replaced with a landing page advising patrons to contact hotels or casinos directly via phone. The exact timing of the outage remains unclear, although some users on social media reported experiencing system issues as early as Sunday night.
This is not the first time MGM Resorts has faced cybersecurity incidents. In 2020, the personal information of over 10 million MGM visitors was published on a hacking forum. The company acknowledged that the information had been exfiltrated during the summer of 2019.
The extent of the government response, aside from the involvement of the FBI, is yet to be determined. In 2003, the government identified the “commercial facilities sector,” which includes gaming and lodging, as critical infrastructure. In a sector-specific plan released in 2015, the Department of Homeland Security cautioned that a significant communications failure or intentional cyberattack could cause disruptions, compromise data privacy, damage company integrity and reputation, and result in extensive legal and economic burdens.