A cybersecurity problem that started on Sunday continued to cause havoc on Tuesday, making it difficult for visitors to MGM Resorts International properties to check in, disable slot machines, and shut down paid parking systems, ATMs, the company website, and its mobile app.
Key Points
MGM did not address which systems were impacted or how the problem occurred, but it did get in touch with law authorities, and the FBI said on Tuesday that it is looking into the situation.
Although many signs point in that way, a cybersecurity expert believes it’s too soon to speculate on whether MGM Resorts was the target of hackers in a ransomware attack.
Tuesday’s Alex Hamerstone statement, “I’m sure they’re losing money every minute, every hour, and every day,” was made.
MGM lost money from canceled hotel and restaurant reservations, unavailable slot machines, and unpaid sports wagers, according to Hamerstone, the advisory solutions director at TrustedSec, an Ohio-based information security consulting firm dedicated to assisting businesses in assessing and reducing risk in their information systems. The company also suffered a reputational hit, he added.
Customers return the next day if a retail establishment has a breach and offers affordable pricing and high-quality goods, he claimed. But I believe that when you destroy someone’s holiday or vacation, people are considerably less understanding. Some folks put money aside all year to visit Las Vegas.
On Tuesday, numerous MGM resorts had lengthy delays for guests to use their rooms and services. The MGM website and mobile app were still unavailable.
Customers had to write down their credit card numbers on slips of paper so that transactions could be manually processed at some point-of-sale sites at MGM retail establishments. The hotel’s ATMs were also out of commission, which was bad news for anyone expecting to get cash out of them.
Some visitors complained that the MGM app was not working, making it impossible for them to access their hotel rooms. Since then, the business has fixed the issue by giving key cards. On Tuesday, MGM’s websites and mobile app were still unavailable.
“It continued”
Around 6 p.m. on Tuesday, guests coming to check in at the Luxor discovered a line that snaked hundreds of yards out of the lobby and down the first floor halls.
Along the line, tables with tiny water bottles were set up, and staff members dispensed beverages.
Tuesday saw the arrival of Tammy Henderson from Arkansas, who made the long journey to the rear of the queue. The hotel’s website had been down for a few days, so she and her husband had to call ahead to check on their bookings. They were notified that they would be checking in “the old-fashioned way,” Henderson added, but they were not instructed to anticipate such a long line.
When she saw the line, she said, “Oh my God, I was devastated.” “I had no idea it continued. We just carried on even though I believed that was it.
After an hour of waiting, Eric, who asked that his last name not be used, was further up the line but still had a ways to go. He flew from Colorado to Las Vegas and described the trip as a “pain in the ass.”
Even though there were fewer people in line, it was still 30 to 40 people long Tuesday night at the check-in desk of the MGM Grand. The casino had a number of broken gaming machines.
Around 6:20 p.m., the line at Mandalay Bay started to extend. People swarming in the lobby were offered trays of water bottles by hotel staff.
Ralph Antinori, a business traveler from New Jersey, was in town. Tuesday morning, when he learned of the system failures, he decided not to even try the hotel’s website.
Regarding the Mandalay Bay line, Antinori remarked, “It is what it is.” The question is, “What are we going to do?”
Results might linger
Depending on the severity of the attack, the impacts of the severe cybersecurity issue could endure for several days, months, or even years.
MGM has not provided any additional information or identified the incident as a cyberattack.
However, the FBI’s involvement seems to suggest that MGM may have been the target of an attack.
The bureau’s Las Vegas field office’s Special Agent Mark Neria said on Tuesday, “MGM has requested assistance, and we are providing it.”
Invoking an ongoing investigation, he refrained to make any other comments on the subject.
When questioned about whether that organization was participating in the probe, the U.S. Department of Homeland Security directed the reporter to MGM.
In addition to alerting authorities, an MGM representative said the business took “prompt action to protect” its systems and data while investigating the incident.
“Our resorts, including dining, entertainment, and gaming, are currently operational, and continue to deliver the experiences for which MGM is known,” read part of a statement released late Monday. “Our front desk personnel is available to help customers as needed, and visitors can still access their hotel rooms. We value your endurance.
Websites and pay parking are down.
The MGM properties’ paid parking system appears to have been disabled due to computer issues. On Monday and Tuesday, there was no fee to enter the lots at Bellagio and Mandalay Bay.
About 60% of the slot machines and other computer-based games on the casino floor of the MGM Grand seemed to be inoperable on Tuesday morning. Additionally, it looked that none of the ATMs, rewards, or sports betting machines were working.
More slot machines at New York-New York looked to be in operation on Tuesday morning, with about 20% of them being inactive. Craps and blackjack on computers mostly worked.
At many MGM properties, check-in lines extended lengthy into Tuesday’s late afternoon and evening.
Tuesday saw no wagering activity at the sportsbooks at the MGM Grand or the New York-New York hotels.
The 54-year-old Gary Greeson arrived at the Excalibur on Monday with intentions to depart on Thursday. He took a business trip from Oklahoma City to Las Vegas.
He complained, “It’s annoying to spend money and come here where things don’t work and there is no backup system. I tried to get room service but was told I had to use the app, so I couldn’t.
Greeson calculated that there were more than 200 individuals lined up outside the hotel on Monday afternoon to check in. He has attempted to buy over-the-counter medication at a few of the casino stores, but the staff members claim they are unable to search up costs and are therefore unable to offer him anything unless they are familiar with the prices.
While he claimed that staff members are trying to be helpful, the fact that most systems are down makes it challenging for him to enjoy his stay.
Mike Hoffman, 65, of Charlotte, North Carolina, who is vacationing in Las Vegas but is not staying at an MGM property, has been impacted by the outage.
Hoffman earned $15.27 at a slot machine at New York-New York on Tuesday while he is staying at Caesars Palace, but he had to wait outside the machine until an employee could come by and take the ticket and then return with the cash winnings.
Hoffman stated, “It takes about five minutes longer to cash out, which is inconvenient since you can’t leave the machine,” but he gave the employee credit for rounding his payout of $15.27 to $16.
Hoffman claimed that he didn’t experience a similar problem while playing at Caesars and that he would likely steer clear of MGM casinos for the remainder of his vacation. As on Thursday, he departs.
Extortion?
The cybersecurity specialist, Hamerstone, said it’s unclear whether MGM is being blackmailed by hackers and declined to make any assumptions on the matter.
“Given how extensive it is, I think there are some indications that it could have been, but it’s really tough to speculate because there are just so many different things it could be,” he added. “Well, it might be ransomware. And what’s fascinating is that ransomware has significantly evolved because it now typically spreads its bets and doesn’t just encrypt data and demand a ransom. They’ll grab your data and threaten to leak it, but they’ll also encrypt it to stop you from working.
The head of the organization that promotes Las Vegas internationally, the Las Vegas Convention and Visitors Authority, expressed sympathy for MGM.
Following Tuesday’s LVCVA board meeting, Steve Hill stated, “MGM is busy working through this, and I think they’re doing the best job they can possibly do.” “We’re there to support in any way we can; it’s truly awful. However, we have really given them time to resolve this.
Vice Chairman of the LVCVA Board of Directors and a senior MGM executive, Anton Nicodemus, is president and chief operating officer of CityCenter, Aria, and Vdara. During the meeting, he avoided bringing up the subject.
Josh Swissman, a founding partner of the Las Vegas-based Strategy Organization and a gaming industry expert, claimed he recognized the situation was grave because it involved MGM’s enormous empire.
“For them to do something as broad as they did, not just geographically but broad across multiple systems, to the point where they had to release press releases from a Gmail (account), that to me implies something that is very serious,” the speaker said. Without something having a major effect of some kind, you don’t stop being able to produce money and provide visitors fun.
MGM’s reaction
Investors in the corporation, according to Swissman, will be watching intently to see how MGM handles the situation.
“How organizations respond in these situations is the real thing investors and people who focus on the gaming industry ought to be looking at,” he said. “Another aspect of security should be how a business responds to a breach of that sort, in my opinion. I believe MGM protected their clients and their data in a significant and comprehensive manner.To me, that demonstrates how seriously they took it. The fact that they were prepared to forego money should make people feel good in the long term.