MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said yesterday [Macau time], as analysts and academics measured the effects of the event.
“We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was detected Sept. 10.
Rival casino owner Caesars Entertainment also disclosed last week to federal regulators that it was hit by a cyberattack Sept. 7. It said that its casino and online operations were not disrupted but it could not guarantee that personal information about tens of millions of customers, including driver’s licenses and Social Security numbers of loyalty rewards members, had not been compromised.
Caesars, based in Reno, is widely reported to have paid $15 million of a $30 million ransom sought by a group called Scattered Spider for a promise to secure the data.
Gregory Moody, professor and director of the cybersecurity program at the University of Nevada, Las Vegas, pointed to quoted estimates that the computer shutdown cost the company up to $8 million per day, which could put the cumulative effect at $80 million. But Moody also noted that MGM Resorts reports annual revenues above $14 billion, which would mean it averages at least $270 million in revenues per week.
The company reported yesterday that systems handling resort services, dining, entertainment, pools and spas were operational and its website and app were taking dining and spa reservations while the company worked to restore hotel booking and loyalty reward functions.
“MGM Resorts properties in Las Vegas and throughout the country are back to normal operations,” spokesman Brian Ahern told The Associated Press. MGM also has properties in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio.
FBI spokeswoman Sandra Breault in Las Vegas declined to comment and referred to a previous statement by the agency saying an investigation was ongoing.
Experts said the attacks exposed critical cybersecurity weaknesses at MGM and Caesars and shattered an image of casino invulnerability.
“At this point, all casinos should be moving to the highest defensive posture possible and taking active measures to verify the integrity of their systems and environment, and reviewing — if not activating — their incident response processes,” said Christopher Budd, a director of threat research at cybersecurity firm Sophos X-Ops. “There’s been attacks against multiple casinos, and it’s possible we’ll see more.”
Caesars stock traded Wednesday at $50.17 per share, up 36 cents for the day. MGM shares were at $38.77, down 43 cents. Both companies are expected to disclose effects of the attacks in quarterly reports next month to the Securities and Exchange Commission.
The attack on MGM also has been attributed to Scattered Spider, a group of English-speakers also sometimes known as Øktapus operating under a Russia-based operation called ALPHV or BlackCat.
“But there are a lot of conflicting reports,” said David Richardson, an executive at cybersecurity firm Lookout. “You have Scattered Spider claiming that they’ve done both in various forums, and ALPHV, saying that Scattered Spider wasn’t involved with the other. But there’s a lot of technical evidence that shows that there’s a relationship between the two.” KEN RITTER, LAS VEGAS, MDT/AP
