MGM Resorts has successfully ended a 10-day computer shutdown following a cyberattack aimed at safeguarding sensitive data, including hotel reservations and credit card processing. The Las Vegas-based company announced the resolution on Twitter after detecting the attack on September 10th. Rival casino owner Caesars Entertainment also reported a cyberattack on September 7th, with concerns over customer data compromise. Caesars allegedly paid a $15 million ransom to secure the data.
Details about the extent of MGM’s breach and the cost were not immediately disclosed. Estimates suggest the shutdown may have cost up to $80 million, but the company’s annual revenues exceed $14 billion. MGM reported that various services, like dining and entertainment, were operational, while hotel booking and loyalty reward functions were being restored.
Both attacks exposed cybersecurity vulnerabilities at MGM and Caesars, challenging the perception of casino invulnerability. Experts urge casinos to enhance their defences and incident response processes. Caesars Entertainment, the world’s largest casino owner, plans to disclose the attack’s effects in its upcoming quarterly report.
The attack on MGM has been attributed to a group called Scattered Spider, affiliated with a Russia-based operation known as ALPHV or BlackCat. The situation underscores the need for comprehensive security measures, including both physical and cyber penetration testing. These tests identify vulnerabilities in both digital and physical security, helping organizations safeguard their assets against attacks that may exploit weaknesses in both domains.