MGM Resorts Experiences Cybersecurity Issue Impacting Operations
Casino and lodging operator MGM Resorts has temporarily shut down several computer systems, including its website, in response to a cybersecurity incident, the company announced on social media on Monday.
The initial shutdown has significantly impacted all aspects of the casino operator’s business. Reservation systems, booking systems, hotel electronic key card systems, and the casino floors have all been affected by the outage.
In response to the cybersecurity issue, the company’s email systems have also been taken offline and have not yet been restored.
While the casino floors have been brought back online as of Monday evening, the reservation systems powering thousands of hotel rooms and the booking system managing restaurant reservations are still experiencing downtime, more than a day after the initial incident was reported.
MGM operates numerous hotel rooms across Las Vegas and the United States, with revenue from hotel rooms surpassing that of its casino operations, according to SEC filings. For the quarter ended June 30, the company reported $706.7 million in revenue from Las Vegas rooms and $492.2 million from the casino.
“We have initiated an investigation with the support of leading external cybersecurity experts,” MGM stated in a post on X, formerly known as Twitter. “We have also informed law enforcement and taken immediate action to safeguard our systems and data, including shutting down certain systems.”
The FBI has confirmed its awareness of the “ongoing” incident but did not provide further details.
On Monday, MGM shares closed down by approximately 2.4%.
MGM’s website has been replaced by a landing page advising patrons to contact their hotels or casinos directly via phone. The exact start time of the outage remains unclear, although some social media users reported MGM’s systems being down as early as Sunday night.
This is not the first time MGM has faced cybersecurity incidents. In 2020, the personal information of over 10 million MGM visitors was published on a hacking forum. The company disclosed that the data breach occurred during the summer of 2019.
The extent of the government’s response, beyond the involvement of the FBI, is currently unknown. The government has classified the “commercial facilities sector,” which includes gaming and lodging, as critical infrastructure since 2003.
“A major communications failure or deliberate cyberattack could have severe consequences, disrupting payments and essential operations, compromising customer and company data privacy, posing threats to company integrity and reputation, and causing significant legal and economic burdens,” warned the Department of Homeland Security in a 2015 sector-specific plan.