MGM Resorts 'Cybersecurity Issue' Likely Widespread Ransomware Attack

We explore what might be behind the attack.

Edward Gately, Senior News Editor

September 12, 2023

6 Slides

A massive cyberattack on MGM Resorts has impacted operations at numerous hotels and casinos on the Las Vegas strip, including the MGM Grand, Bellagio, Aria, Mandalay Bay and more.

“MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems,” MGM Resorts wrote on on X (formerly Twitter).. “Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing and we are working diligently to determine the nature and scope of the matter.”

View post on X

MGM updated its statement to say its resorts are operational, guests can access their hotel rooms and front desk staff is ready to assist as needed. The websites of MGM resorts on the Strip remained down Tuesday.

On Monday, KTNV 13, a TV station in Las Vegas, reported that multiple gambling machines at hotels had gone offline and that several guests were unable to charge anything to their rooms, make reservations or use their digital room keys.

MGM Resorts Attacker’s Purpose Unknown

The nature of the incident has not been disclosed publicly and the attacker’s purpose remains unknown. This is the second time MGM Resorts has confirmed a cybersecurity incident since 2019, when one of the company’s cloud services was breached and hackers stole more than 10 million customer records. The company confirmed the breach in 2020. Stolen data included guests’ names, dates of birth, email addresses, phone numbers and physical addresses.

Fergal Lyons, cybersecurity evangelist with Centripetal, said early indications point to a “severe and widespread” ransomware attack.


Centripetal’s Fergal Lyons

“If past performance in this industry is an indicator, then we could anticipate MGM paying the ransom if they see no other option,” he said. “Cybercriminals are finding ransomware to be a lucrative industry, capitalizing on vulnerabilities and exploiting careless employees. The methods employed are diverse, tailored to the specific companies they target. Thus, it is imperative that all businesses take extra precautions to evade becoming the next target. Utilizing already available threat intelligence on these ransomware groups can thwart impending attacks and avert data breaches. Adopting a proactive, intelligence-based stance against potential threats is crucial as relying solely on a reactive approach to threat hunting may be too late, resulting in irreversible harm.”

Scroll through our slideshow above for more on the MGM Resorts cyberattack.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like