Caesars, MGM Resorts Hit with Cyberattacks

Caesars, MGM Resorts Hit with Cyberattacks

News by Roberto Orosa
Published: September 12, 2023

Caesars Entertainment is the latest casino giant to fall victim to cyberattacks, paying millions of dollars to bad actors that have gained access to its system, Bloomberg reported on Wednesday.

The cyberattack, which was traced as early as August 27, was reportedly led by Scattered Spider or UNC 3944, a group that breached external IT vendors to gain access to the casino's systems.

Caesars Entertainment is slated to disclose the attack in a regulatory filing, the report concluded.

MGM Cyberattack Causes System Shutdowns

Hotel and casino chain MGM Resorts International was recently also the target of cyber attacks. On Tuesday, it confirmed that a "cybersecurity issue" caused its ATM cash dispensers, slot machines, and charging systems to stop working.

MGM's official websites were also down due to the attack, and reports from customers experiencing trouble booking and accessing their rooms have also surfaced.

"Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts," the company wrote in an X post.

In a notice posted on its website, the company confirmed that the cybersecurity issue has affected its Vegas hotels and casinos, including the Bellagio, MGM Grand, and Aria.

MGM's other branches across the U.S. have also taken a blow from the incident, with most of their websites going offline.

A few hours after the post, the company made a follow-up statement declaring dining, entertainment, and gaming have resumed operations, but the website remain down.

Following the incident, new information has surfaced claiming that the ransomware group ALPHV/BlackCat is behind the MGM cyber issue. 

According to an X user, which stores large collections of malware source code on the internet, the group had compromised the casino giant just by finding an MGM employee via LinkedIn and calling the help desk.

MGM Already Faced Data Leaks in 2020

Cybersecurity issues in the casino industry are nothing new. With the global casino market projected to reach $525 billion in 2023, the industry has been considered a common target for hackers seeking financial gain.

MGM's most recent cybersecurity issue is just one of the many security breaches the hotel and casino giant has experienced in recent years.

In 2020, MGM admitted that its cloud servers had been breached, jeopardizing the personal data of about 10.6 million hotel guests.

More than 52,000 guests were also notified of the attack after MGM confirmed that someone had unauthorized access to their guests' data.

Later on, it was revealed that these numbers were much bigger. An estimated 140 million guests had their personal information stolen and sold in a dark web marketplace and shared on Telegram by hackers.

What Are MGM's Potential Losses?

MGM Resorts derives most of its revenue from gaming, hotel accommodations, food and beverage, entertainment, and retail.

Last year, its Las Vegas Strip Resorts alone earned $8.4 billion in net revenue, according to its press release.

If the recent cybersecurity risk prompted system shutdowns in MGM Las Vegas units for a day, the conglomerate could see revenue losses worth more than $23 million.

Edited by Nikola Djuric

Subscribe to Spotlight Newsletter
Subscribe to our newsletter to get the latest industry news