MGM Resorts Faces Ongoing Cybersecurity Issue: Reservation and Booking Systems Offline

Las Vegas, NV – MGM Resorts, a renowned name in the world of hospitality and gaming, finds itself in the midst of a challenging situation as it grapples with an ongoing cybersecurity incident that has disrupted critical aspects of its operations. The company, which boasts a portfolio of luxury resorts and casinos, reported the issue on X, formerly known as Twitter, and the situation is being characterized as “ongoing” by the FBI.

The Impact of the Cybersecurity Incident

The repercussions of this cybersecurity incident have been profound. MGM Resorts took the extraordinary step of shutting down several of its computer systems, including its website, as a response to the issue. This widespread shutdown affected nearly every facet of the casino operator’s business. Reservation systems, booking systems, hotel electronic key card systems, and even the bustling casino floors were all affected by this unexpected outage.

Moreover, the disruption extended to the company’s email systems, which have yet to be restored at the time of reporting.

While some relief has been found as the casino floors were brought back online as of Monday evening, the reservation systems that power thousands of hotel rooms and the booking system responsible for managing reservations for the restaurants remain inaccessible. This extended downtime is a cause for concern, particularly considering MGM Resorts’ extensive hotel operations.

Revenue Analysis

To put the scale of this disruption into perspective, MGM Resorts operates thousands of hotel rooms across Las Vegas and the United States. Interestingly, the revenue generated from these hotel rooms surpasses that attributed directly to casino operations, as reported in SEC filings. For the quarter ended June 30, MGM Resorts recorded an impressive $706.7 million in revenue from Las Vegas hotel rooms, compared to $492.2 million from casino operations during the same period.

Company Response and FBI Involvement

In response to this cybersecurity incident, MGM Resorts promptly initiated an investigation with assistance from leading external cybersecurity experts. They also took the crucial step of notifying law enforcement agencies. Despite these efforts, detailed information regarding the nature and extent of the breach remains undisclosed, with the FBI acknowledging its awareness of the situation without providing further specifics.

Stock Market Impact

The fallout from this incident was felt on the stock market, with MGM Resorts’ shares closing down nearly 2.4% on the day the news broke.

Past Cybersecurity Incidents

It’s worth noting that MGM Resorts has faced cybersecurity incidents in the past. In 2020, personal details of over 10 million MGM visitors were exposed on a hacking forum. This data breach was attributed to events that occurred in the summer of 2019, according to the company.

Government Response and Critical Infrastructure

Given the significance of the situation, it’s essential to consider the government’s response. The government has classified the “commercial facilities sector,” which encompasses gaming and lodging, as critical infrastructure since 2003. This recognition highlights the potential consequences of significant cyber incidents in this sector. The Department of Homeland Security had previously warned that such incidents could disrupt operations, compromise data privacy, harm company reputation, and create legal and economic burdens.

Continuing Impact and Mitigation Efforts

As of now, some of MGM Resorts’ websites remain inaccessible, directing patrons to contact their hotels or casinos directly via phone. The precise timeline for when the incident began is unclear, but reports on social media suggest that the systems may have been down as early as Sunday night.

In response to this incident and the broader cybersecurity landscape, Nevada’s gaming board introduced stricter cybersecurity measures late last year, including a requirement for licensees to report online system breaches within three days. The Securities and Exchange Commission (SEC) followed suit in July, imposing a similar rule for large publicly traded companies, with a requirement to report significant breaches within four business days starting in December.

Cybersecurity insurance has become a common practice among licensees, with insurance companies mandating necessary steps to prevent cyberattacks. Experts in the field emphasize the importance of cybersecurity awareness and training for employees, as contemporary cyberattacks often exploit human vulnerabilities, such as phishing emails.

Artificial intelligence is also being touted as a potential solution to rapidly identify and mitigate the impact of cyberattacks within companies.

The Path Forward

As MGM Resorts works diligently to resolve this ongoing cybersecurity incident, the situation serves as a stark reminder of the ever-present threats in the digital age. Companies across industries must continue to prioritize cybersecurity and preparedness to safeguard their operations, data, and reputation.

For now, MGM Resorts and its stakeholders eagerly await further updates on the incident, hoping for a swift resolution that allows the company to resume normal operations and provide its patrons with the exceptional experiences they are known for.

Disclaimer: The information presented in this article is based on publicly available information as of the time of writing. The situation may have evolved since then, and further updates may provide additional insights into the incident and its impact.