Background

MGM Resorts, a well-known casino and lodging operator, announced on Monday that it had shut down several of its computer systems, including its website, due to a cybersecurity issue. The company made this announcement through a social media post.

Impact

The initial shutdown had a significant impact on various aspects of MGM Resorts’ business operations. The outage affected reservation systems, booking systems, hotel electronic key card systems, and even the casino floors.

The company’s email systems were also taken down in response to the cybersecurity issue and have yet to be restored.

While the casino floors were brought back online by Monday evening, the reservation systems for thousands of hotel rooms and the booking system for restaurants remain offline, even after more than a day since the incident was first reported.

Financial Impact

MGM operates numerous hotel rooms in Las Vegas and across the United States. According to SEC filings, the revenue generated from their hotel rooms in Las Vegas surpasses that directly attributed to their casino operations. In the quarter ending June 30, the company reported $706.7 million in Las Vegas rooms revenue compared to $492.2 million in casino revenue.

Response and Investigation

MGM promptly initiated an investigation with the assistance of leading external cybersecurity experts. The company also notified law enforcement and took immediate action to protect their systems and data by shutting down certain systems.

The FBI confirmed its awareness of the ongoing incident but did not provide further details.

Previous Cybersecurity Incidents

This is not the first time MGM has experienced cybersecurity incidents. In 2020, personal details of over 10 million MGM visitors were published on a hacking forum. The company disclosed that the information had been obtained in the summer of 2019.

Government Response

Besides the involvement of the FBI, the extent of the government’s response to the incident is not yet clear. The government has identified the gaming and lodging sector, which includes commercial facilities like MGM, as critical infrastructure since 2003.

The Department of Homeland Security warned in a 2015 sector-specific plan that a significant communications failure or intentional cyberattack could disrupt payments and basic operations, compromise customer and company data privacy, and pose substantial legal and economic burdens.

Conclusion

MGM’s website is currently inaccessible and has been replaced with a landing page advising patrons to directly contact their hotels or casinos via phone. The exact start time of the outage is unknown, although some users on social media reported MGM’s systems being down as early as Sunday night.

Headquartered in Las Vegas, MGM Resorts International is a global entertainment company operating a variety of resorts and casinos.