Public updates on MGM, Caesars cyberattacks unlikely, says gaming regulator

Nevada Gaming Control Board Chairman Kirk Hendrick has indicated that the board is unlikely to discuss the cybersecurity attacks on MGM Resorts International and Caesars Entertainment anytime soon due to the ongoing police investigation.

He emphasized that the board is currently operating as an investigative and law enforcement agency, focusing on safeguarding the gaming industry and "protecting the state of Nevada and its residents and visitors," Las Vegas Review-Journal reported.

The FBI confirmed its investigation into the cyberattacks in September, which had effectively paralyzed most of MGM's computer systems. The company later reported that most systems had returned to normal.

While MGM properties nationwide suffered a nine-day disruption, Caesars faced fewer public-facing issues, allegedly due to the payment of a multimillion-dollar ransomware demand. The Wall Street Journal reported that the company paid approximately half of a $30 million ransom demanded by the hackers.

Nevada Gaming Commissioner Brian Krolicki had called for a public update regarding the attacks on the casino giants which began in September for MGM and in August for Caesars.

“Nevada’s gaming regulators were forward-thinking last year when Nevada Gaming Commission Regulation 5.260 was adopted to mandate that certain nonrestricted licensees must develop cybersecurity best practices, and thereafter continually monitor and evaluate those practices,” Hendrick said, as per the report.

"Pursuant to the statutory directive of the Gaming Control Act, it would not be prudent to publicly review any particular licensee’s cybersecurity practices or response to any incident. If updates to the cybersecurity requirements outlined in NGC Regulation 5 are warranted, those matters will be discussed in public board and commission meetings,” he added.

Amidst ongoing concerns related to the cybersecurity attack, some BetMGM customers reported difficulties accessing their mobile betting accounts on social media. However, a BetMGM spokesman confirmed to the news outlet that the issue was unrelated to the cyber incident faced by MGM and has since been resolved.

Meanwhile, a 10th class-action lawsuit seeking damages from either MGM or Caesars was filed in U.S. District Court in Nevada. The plaintiff, David Terezo, identified as an MGM Rewards member from Woodbury, New York, alleges that MGM failed to prevent a cyberattack that resulted in the theft and dissemination of sensitive customer information.

Earlier, Las Vegas law firms Stranch, Jennings & Garvey, PLLC and Kopelowitz Ostrow Ferguson Weiselberg Gilbert, and The O’Mara Law Firm, P.C., of Reno and Barnow and Associates, P.C., of Chicago had filed lawsuits in relation to the cyber attacks.

MGM officials declined to comment on the new lawsuit, and neither MGM nor Caesars has commented on previous lawsuits. Legal experts, speaking on background to Review-Journal, suggest that a judge assigned to the case is likely to consolidate the class-action complaints into one action due to their similarities and complexity.