MGM Resorts, a major player in the casino and lodging industry, recently faced a significant disruption due to a cybersecurity incident, leading to the temporary shutdown of various computer systems, including their website. This unexpected event had a widespread impact on nearly every aspect of MGM’s operations.
The incident affected crucial systems, such as reservation and booking systems, hotel electronic key card systems, and even the functioning of their casino floors. Additionally, the company’s email systems were taken offline in response to the cybersecurity threat and had not been restored at the time of reporting.
While MGM managed to bring their casino floors back online relatively quickly, the reservation systems responsible for thousands of hotel rooms and the booking system for restaurant reservations remained offline for more than a day. This prolonged downtime had significant implications for the company’s operations.
MGM Resorts is a prominent operator of thousands of hotel rooms in Las Vegas and across the United States. Surprisingly, the revenue generated from their hotel rooms surpasses that from their casino operations, as indicated by their SEC filings. For the quarter ending June 30, the company reported $706.7 million in Las Vegas room revenue compared to $492.2 million from the casino.
- Advertisement -
In response to the incident, MGM Resorts took swift action, launching an investigation with the assistance of external cybersecurity experts. They also informed law enforcement agencies and made the necessary decisions to safeguard their systems and data, including the temporary shutdown of specific systems. The FBI acknowledged the incident but did not disclose further details.
As a consequence of the incident, MGM’s shares experienced a decline of nearly 2.4% in trading on Monday. To mitigate the disruption caused by their inaccessible website, MGM replaced it with a landing page instructing patrons to directly contact their hotels or casinos via phone. The exact starting time of the outage remained unclear, though some social media users reported system issues as early as Sunday night.
Notably, this is not the first time MGM Resorts has grappled with cybersecurity incidents. In 2020, the personal information of more than 10 million MGM visitors was leaked on a hacking forum, originating from a breach that occurred in the summer of 2019.
The extent of the government’s response, apart from the involvement of the FBI, remained undisclosed. The government has long recognized the “commercial facilities sector,” encompassing gaming and lodging, as critical infrastructure since 2003. In a sector-specific plan from 2015, the Department of Homeland Security warned about the potential consequences of a large-scale communication failure or a deliberate cyberattack, emphasizing the disruption it could cause to payments, basic operations, data privacy, company integrity, reputation, and the legal and economic burdens it could entail.
In conclusion, MGM Resorts’ recent encounter with a cybersecurity incident has underscored the vulnerability of critical infrastructure and the profound impact such disruptions can have on a company’s operations and reputation, as well as the broader implications for the industry and its customers.
