Casino and hotel chain MGM Resorts International said Monday that some of its online systems were affected by a “cybersecurity issue” that caused disruptions for customers, particularly in Las Vegas, where cybersecurity experts said the company was a likely victim of a comprehensive cyber attack.
MGM Resorts did not provide details about the disruptions, nor did it say when the problem began or when it was discovered, but said law enforcement had been notified. In a statement, the company said it took “swift action to protect our systems and data, including shutting down certain systems.”
“Our investigation is ongoing and we are working diligently to determine the nature and scope of the matter.” MGM Resorts posted on social media.
There were some signs of disruption for the company, which did not respond to emails seeking comment. The company’s website was down Monday evening, and comments from users on the Facebook group said slot machines were not working and there were problems accessing hotel rooms at the company’s resorts.
KTNV 13, a Las Vegas television station, reported that several gaming machines at hotels had gone offline and that several guests were unable to withdraw money from their rooms, make reservations or use their digital room keys.
It was not clear how many people were affected by the cybersecurity disruptions. MGM is a well-known casino and hotel company with thousands of hotel rooms in Las Vegas, including the Mandalay Bay, the Aria, the Bellagio and the MGM Grand Las Vegas.
Greg Moody, an associate professor of information systems and cybersecurity at the University of Nevada, Las Vegas, said Monday that a “cybersecurity issue” typically means that an individual or group has attacked the company’s network.
In MGM’s case, the attacker or attackers may have “found a chink in their armor” and used it to disable the company’s systems, Dr. Moody, who has worked with the company and members of its technology team on several projects.
Such attacks are typically launched by hackers seeking profit, he said. Attackers typically steal a company’s data and hold it hostage until the company pays a price for its return. Attackers will also sell the stolen data on an underground online marketplace where buyers search for data that contains information that enables identity theft, such as names, numbers or addresses.
MGM is a large company with a huge data set and therefore a target, said Dr. Moody.
Arthur Salmon, a professor of computer and information technology at the College of Southern Nevada, where he is also director of the cybersecurity program, said Monday that large companies are often victims of cyberattacks.
However, three industries are common targets of such attacks due to the added pressure to get systems back to normal, Dr. Salmon. These are: utility companies, because customer complaints often make headlines; hospitals, as the disorder poses a risk to patients; and casinos, as data breaches of customers’ private data can lead to reputational damage.
“Your security team has to be 100 percent right,” said Dr. Salmon. “And the threats are ever increasing, ever adapting and becoming ever more complicated. The attacker simply has to be right for once.”
Yoohwan Kim, a professor of network security at the University of Nevada, Las Vegas, said attackers sometimes steal data from a large and financially secure company, demand a ransom for a key to decrypt their systems, and then wait for the company to do so pay.
Dr. Salmon said ransom amounts can vary, but are typically in the hundreds of thousands or low millions for larger companies.
A widespread cybersecurity attack can take months or years to recover from, experts say.
Recent cyberattacks around the world have crippled operations at a gasoline pipeline, hospitals and grocery chains and may have compromised some intelligence agencies. In 2019, MGM was the victim of a data breach that reportedly affected around 10.6 million people.
Rebecca Carballo contributed reporting.