A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi.
At this point I’d link to the post on the company website explaining what’s occurred but at time of writing, the site tends to not load properly which is probably due to heavy traffic. When it does, it simply says that the MGM Resorts website is currently unavailable and gives visitors a list of contact numbers. AP also mentions that other MGM websites have been replaced with “back soon” style pages while the clean up from the attack is no doubt still ongoing.
At present, what’s available is a selection of posts made to X (formerly Twitter) giving brief details of the incident.
This is what MGM Resorts has to say on the matter:
MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.
MGM goes on to say that “resorts are fully operational”. Meanwhile, BBC reporter Joe Tidy reports that slot machines and casino floors were left empty, and that physical room keys had to be distributed. An additional admin error caused a guest to walk in on someone else. Clearly things are not going swimmingly for MGM Resorts.
Some systems are slowly coming back to life, but there’s no estimate for when full functionality will be restored. The initial fallout of the attack seems to have been the worst of it, with reports of “thousands” of guests locked out of their rooms.
In terms of what the attack could mean for guests, it’s too early to say. MGM has not touched on whether or not customer data has been breached or exfiltrated, and if the culprit is ransomware this could rumble on for days or weeks. Nobody wants to think about their personal data being wrapped up and dropped onto a data dump website, but as with all these incidents it is a distinct possibility. Unverified sources are claiming this to be the case, but we would suggest sticking to official sources only.
If you’re a guest at an MGM resort, don’t panic. Keep note of the contact numbers, and ask staff what the process is for keeping you informed of any breaking developments. An abundance of caution would suggest monitoring credit and debit card payments for a little while, along with watching out for any MGM themed emails. If you do receive the latter, go back to an official point of contact and verify its authenticity. Sometimes organisations send out emails which are genuine, but look suspicious. It’s always better to check.
If this attack does prove to be ransomware, the next development we hear about could be the attackers announcing a data dump or additional demands. For the time being, don’t panic and try to enjoy your resort time as best as you can given the unusual circumstances.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
