FBI Investigating MGM’s Cybersecurity Incident

This weekend, a cybersecurity incident caused MGM Resorts International’s to shut down its computer systems across the country. Costing the company millions, MGM is keen to get to the bottom of the issue, and the FBI has joined the investigation.

What We Know about MGM’s Cybersecurity Issue

MGM Resorts International first detected the cybersecurity issue on Sunday, leading to the shutdown of “certain systems” in a bid to safeguard their data. The company, however, refrained from labeling it as a cyber attack or specifying the affected systems.

Venues in states such as Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio saw the impact on their reservations and casino floors. Brian Ahern, the company spokesperson, assured that despite the issue, the customers are being looked after.

Customers shared their experiences on social media about being unable to make credit card transactions, access money from cash machines, and even enter hotel rooms using key cards. Some images depicted video slot machines that have gone dark. The company’s website remained “unavailable,” and a post on their BetMGM website acknowledged that some customers were unable to log on.

Current status of MGM Cybersecurity attack pic.twitter.com/0zd5kdaCp1

— Jacob Orth (@JacobsVegasLife) September 12, 2023

This is the Bellagio check in right now #MGM #LasVegas pic.twitter.com/ni9Qc7Bc0q

— Fred From Brooklyn #BlueCheck (@FredBrooklynOG) September 12, 2023

MGM Grand "is basically shut down" (h/t @ShellyFields) pic.twitter.com/5pMnS95brP

— Las Vegas Locally 🌴 (@LasVegasLocally) September 12, 2023

The Investigation and “Aftermath”

The FBI is actively investigating the matter. Special Agent Mark Neria, the spokesperson for the bureau in Las Vegas, confirmed the ongoing investigation but didn’t provide any additional information.

According to Alex Hamerstone, advisory solutions director at TrustedSec, an Ohio-based information security consulting organization, it is too early to ascertain whether MGM Resorts International was a victim of a ransomware attack. However, there are multiple indicators suggesting the same.

"If this was a ransomware [incident] and MGM paid, I guarantee it might have been one of the largest payments… in ransomware history," says @TrustedSec CEO @HackingDave on the $MGM cyberattack. pic.twitter.com/Uzntg676Cs

— Last Call (@LastCallCNBC) September 13, 2023

Although the company’s systems are gradually recovering, the impact of the shutdown has been significant and many patrons are still experiencing technical issues. Problems with accessing hotel rooms have been solved by issuing key cards. However, the inability to process credit card transactions at MGM’s retail outlets and in-resort ATMs being offline is a major issue.

The financial impact of the incident could be huge. The company stands to lose millions of dollars due to failed hotel and restaurant reservation bookings and inaccessible slot machines and sports bets.

Still Waiting on More Information

MGM has not elaborated on what systems were affected or how the incident may have occurred and hasn’t referred to it as a cyberattack. However, they have been in contact with law enforcement and have taken “prompt action to protect our systems and data.” The FBI’s involvement in the investigation is an indication that MGM was under attack.

As the investigation is still ongoing, the full extent of the damages is yet to be ascertained. This incident is sure to be a case study for many corporate entities on how to handle these kinds of cyber safety issues.

We’re eager to find out what really was behind the cybersecurity incident and measures MGM Resorts International will take to prevent such incidents in the future. We’ll keep you posted as we find out more details.