MGM Resorts grapples with "cybersecurity issue" impacting operations across U.S.

Casino giant MGM Resorts International faced a significant 'cybersecurity issue' on Monday that affected its extensive network of hospitality, gaming, and entertainment properties across the United States. The issue impacted credit card transactions and other computerized systems throughout its hotel casinos.

While MGM refrained from explicitly labeling the incident as a cyberattack, certain actions undertaken by the company suggested a significant concern. It was observed that MGM had taken measures to shut down select systems to prevent the situation from escalating further.

Consequently, the online reservation system became inoperative, necessitating customers to contact properties directly for hotel reservations, Las Vegas Review-Journal reported.

pic.twitter.com/Ir6IhOdN9X

— MGM Resorts (@MGMResortsIntl) September 12, 2023

The company released a statement via a Gmail address as its official email was down on Monday morning, saying: "MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts.

"We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”

Reporting the incident to law enforcement authorities suggests the possibility of a cyberattack, typically prompting federal investigators to take the lead. 

The company issued a second statement on Monday night: “Our resorts, including dining, entertainment and gaming are currently operational. Our guests remain able to access their hotel rooms and our Front Desk staff is ready to assist our guests as needed. We appreciate your patience.”

This marks the second cybersecurity incident involving MGM in the span of four years. In February 2020, MGM acknowledged a breach of its cloud server during the summer of 2019, resulting in the theft of information, including driver's license and passport data of some guests. The breach impacted an estimated 10.6 million individuals, with 52,000 people notified by MGM after confirming unauthorized access to a limited amount of guest information.

MGM's Bellagio

In the latest cybersecurity attack, checkout lines appeared unaffected on Monday at Bellagio and Mandalay Bay, two of MGM's ten Las Vegas properties, though reports surfaced of slot machines not functioning at some locations. The Nevada Gaming Control Board has yet to provide official information on its involvement in the investigation, the Review-Journal report said.

Acknowledging the disruption, a notice on the company's BetMGM website in Nevada confirmed that certain customers were unable to access their accounts. 

According to Brian Ahern, a spokesperson for MGM, the cybersecurity incident commenced on Sunday, and the full extent of its impact on reservation systems and casino operations in various states, including Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio, remains unclear, an Associated Press report said.