Under Attack? Breach Response Hotline: Call 833.997.7327 (US/CAN)

MGM Resorts

Chris Swagler | November 1st, 2023


MGM Resorts International, a colossal hotel and casino conglomerate, is trapped in a dire cybersecurity predicament, rendering several essential systems, including its flagship website and online booking portals, inoperable. The company’s response to this crisis has once again thrust it into the unwelcome spotlight, with memories of a similar incident in 2019 still fresh in the minds of many. The turmoil began on a fateful Sunday night when MGM Resorts detected a looming cybersecurity threat. Acting swiftly, the company launched an immediate investigation into the situation, enlisting the assistance of top-tier external cybersecurity experts to assess the extent and nature of the breach. In an official statement by Brian Ahern, MGM’s executive director of communications, the company revealed that it had alerted law enforcement agencies about the ongoing situation. Subsequently, decisive measures were taken to safeguard their systems and data, including the shutdown of specific techniques that were under siege. Despite these efforts to contain the crisis, the assailants remain enigmatic, their motives unclear. It is a mystery whether the threat operators have demanded a ransom or if they are communicating with MGM officials. The lack of concrete information on the nature and scope of the cyberattack has left the public and the affected customers in a state of uncertainty.

The Impact on MGM Resorts

The impact of this cybersecurity debacle has rippled across the entirety of MGM Resorts’ operations. Reports abound of technical glitches and operational disruption within the company’s casinos, with credit card machines, ATMs, and ticket-in-ticket-out machines rendered nonfunctional. Hotel guests have been inconvenienced as their room keys ceased to operate, and online reservations were rendered impossible. The crisis has also hit MGM Rewards customers, as their mobile apps became inaccessible. Maintenance is underway on the MGM Rewards app, and digital keys are temporarily unavailable. Customers have been instructed to seek assistance at the front desk.

Even the company’s main website, a crucial portal for customers and guests, is offline, with visitors being redirected to make hotel reservations via phone. Furthermore, all other MGM websites sharing the same domain name, such as mgmresorts.com, have also been offline for an extended period, causing frustration and confusion among potential customers. The impact has not been limited to the Las Vegas properties alone. Regional casinos, including MGM National Harbor, Borgata in Atlantic City, MGM Grand Detroit, MGM Springfield, Beau Rivage, Empire City Casino, and MGM Northfield Park, have all fallen victim to this cyber onslaught, leaving patrons stranded and businesses struggling to operate. This incident marks the second time MGM Resorts has been embroiled in a high-profile cybersecurity breach since 2019, when threat operators stole over 10 million customer records from the company’s cloud services. The stolen data included sensitive customer information like names, dates of birth, email addresses, phone numbers, and physical addresses, leading to a significant breach in the company’s data security.

Restoration Efforts to MGM Resorts

As the investigation into this latest cyberattack unfolds, MGM Resorts faces the daunting task of restoring its systems and services and rebuilding trust with its customers. The shadow of past breaches looms large, emphasizing the critical importance of cybersecurity in the digital age, where even the most formidable organizations can find themselves vulnerable to unseen threats lurking in the virtual world.

At SpearTip, our IR planning engages a three-phase approach, which includes pre-incident, active incident, and post-incident planning processes. SpearTip identifies key stakeholders and decision-makers, critical data, and potential access points in the pre-incident aspect. Then, it engages in a live test, after which we offer remediation guidance. To benefit companies’ teams during an incident, we assist in developing a communications plan designed to detect and isolate the precise threat with a customized strategy map. The post-incident planning process development includes root cause and investigative audit, improvement analysis, and backup recovery. Our certified engineers work to restore companies’ operations, isolate malware to reclaim their networks and recover business-critical assets.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.


Connect With Us

Featured Articles

IT Workers
Extra Advice on the IT Workers in North Korea
29 November 2023
Ransomware Attacks
The 10 Most Impactful Ransomware Attacks in History
27 November 2023
Cloud Backups
Security Strategy: Cloud Backups for Ransomware Protection
25 November 2023
Blog Images (15)
How To Maintain Personal Cybersecurity While Shopping Online
21 November 2023

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.