June 19, 2024
MGM grapples with cyber ‘chaos’ 5 days after attack as Caesars Entertainment says it too was hacked

Five days after a cyberattack disrupted operations at MGM Resorts International, including its signature Las Vegas properties Bellagio and MGM Grand, the company said Thursday morning it was still working to resolve the issues as a The other major resort operation, Caesars Entertainment, has also acknowledged. Target of cyber attack.

Hackers attacked MGM Resorts Sunday morning, rendering the chain’s casinos and hotels out of business. Slot machines and ATM machines were also inoperative, elevators were out of order and customers had to wait for hours to check into rooms. Even the company’s website remains down.

“We continue to work diligently to resolve our cybersecurity issues while promptly addressing individual guest needs,” MGM Resorts said in a statement Thursday. “We couldn’t do this without the thousands of incredible employees who are committed to guest service and supporting our loyal customers. Thank you for your continued patience.”

But for visitors to MGM Resorts Las Vegas like Walter Haywood, patience is running out.

Betting kiosk at the sportsbook at the MGM Grand in Las Vegas on September 12, 2023.

Las Vegas Review-Journal/TNS via Getty Images

“It was kind of chaotic,” Haywood told ABC Las Vegas affiliate station KTNV. “The machines won’t take our tickets. Lines everywhere. Just chaos.”

MGM Resorts acknowledged the attack but has not released any details on how it happened or who may have been responsible.

The company said it took “quick action to protect our systems and data, including shutting down some systems.”

The FBI said it is investigating the attack and has been in contact with the chain since Sunday.

The Cybersecurity and Infrastructure Security Agency, which is part of the U.S. Department of Homeland Security, announced Thursday that it is in contact with MGM Resorts “to understand the impacts of the recent cyber incident.”

“We are also offering any necessary assistance should the organization require or request it,” CISA said in a statement.

Nevada Governor Joe Lombardo and the Nevada Gaming Board released a joint statement, saying they are “monitoring the cybersecurity incident with MGM Resorts and are in communication with company officials.”

“Additionally, the Nevada Gaming Control Board remains in communication with other law enforcement agencies,” the statement from Lombardo and the gaming board said.

VX-Underground – a research group claiming to have the largest collection of malware source code, samples, and papers on the Internet – Posted on x The ransomware group “ALPHV”, also known as Black Cat, is reportedly behind the MGM cyberattack. Officials have not confirmed the report.

VX-Underground said, “The ALPHV ransomware group hopped on LinkedIn to compromise MGM Resorts, found an employee, then called the help desk. A company worth $33,900,000,000 was lost over a 10-minute conversation.”

An exterior view of the MGM Grand Hotel and Casino after MGM Resorts shut down some computer systems due to a cyberattack in Las Vegas on September 13, 2023.

Bridget Bennett/Reuters

The same ransomware group responsible for this month’s cyberattack on Caesars Entertainment Inc. has paid out “millions” to get its data back, Bloomberg News reported Wednesday.

Caesars Entertainment — which runs more than 50 resorts, including Caesars Palace and Harrah’s in Las Vegas — acknowledged in a filing Thursday with the U.S. Securities Exchange Commission that the attack occurred on Sept. 7.

“Caesars Entertainment Inc. has recently identified suspicious activity in its information technology network as a result of a social engineering attack on an outsourced IT support vendor utilized by the company,” Caesars said in its SEC Form 8-K filing.

While the company said it did not pay the ransom, it noted that “we have incurred and may continue to incur certain expenses related to this attack, including the costs of responding to, remediating, and investigating this matter.” The full scope of costs and the associated impact of this incident, including the extent to which these costs will be compensated by our cyber security insurance or possible compensation claims against third parties, have not been determined.”

According to the filing, Caesars Entertainment said its investigation revealed that hackers had obtained a copy of its loyalty program database, which included driver’s license numbers and Social Security numbers “for a significant number of members in the database.” Are included.

“We have taken steps to ensure that the stolen data is not removed by the unauthorized actor, although we cannot guarantee this outcome,” Caesars said.

ABC News’ Luke Barr contributed to this report.


Leave a Reply

Your email address will not be published. Required fields are marked *