Gap in Security Plunges MGM Resorts into Chaos

Casino Floors Down, Hotel Rooms Locked, Booking Suspended

Losing $40 million in cryptocurrency is extremely concerning for any company. Such a drop in funds has the potential to be catastrophic. It is, however, instant and the damage is immediately apparent. MGM Resorts’ recent experience of a potential cyber attack has not been so short-lived. Instead, the exploit of its lax cyber security has left a serious mark on the company’s venues and is likely to not be fully rectified for some time. That will particularly be the case as the company’s IT staff looks to reinforce the security measures already in place. So how did such a prestigious name find itself on the end of a damaging attack in an industry that places such importance on digital security? First, it’s not entirely clear if any actual hack has even occurred. Instead, a press release simply explained that a potential exploit has been identified and cyber security experts and the FBI have been made aware of it.

So the extent of the issue is yet to be disclosed, which is understandable given that any unnecessary information shared could alert bad actors to a previously unnoticed exploit. However, the lack of any public evidence of any real hack hasn’t prevented widespread destruction for MGM. According to CNBC, the company’s websites have been replaced by placeholders that advise customers that they should contact them via phone. This comes after the company enforced a shutdown that took their casino floors offline, downed their booking systems, and blocked their hotels’ key card systems. Floors are reportedly back up but it appears that all booking tech, email accounts, and access systems are still hampered by the ongoing investigation into this security loophole. All of this resulted in the company’s shares falling by over 2%, leaving shareholders to keep a keen eye on the unfolding situation.

Not MGM Resorts’ First Cyber Safety Issue

It may not be that an actual serious hack has occurred at all. Instead, this could be the company employing an abundance of caution to avoid any potential leaks that could prove to be fatal to its operations or reputation. And that’s something that MGM will be very well aware of, given that it has recent experience of such an exploit. In 2020, ZDNet reported that more than 10 million of the company’s private customer information was leaked by hackers and posted on a forum for these criminals. This data included names, addresses, contact details, and dates of birth. These sorts of personal information dumps unfortunately aren’t unusual but any company that takes pride in its customer service and imperious reputation will undoubtedly be hurt by a hack like this. It weakens trust with its loyal customer base and puts many new patrons off doing business with MGM in the fear that their personal data could be lost by doing so. As such, it’s likely that this disruption is an effort to prevent another occurrence of a significant data leak. What will be concerning to many, though, is the FBI’s involvement in the investigation. Have they been called in to ensure that compliance is met or has a serious breach already been identified?

Either way, this is an unwelcome development for the casino industry as a whole. The New York Post reports that the aforementioned Stake crypto theft was undertaken by North Korea in an effort to boost the nation’s funds for its nuclear project. Headlines like this do nothing for the reputation of an industry that has been under scrutiny globally. More and more focus is being placed on how companies are preventing illegal activities like money laundering. Any exploits that allow nefarious actors to use casinos, online or physical, as part of their illicit behaviors will undermine any integrity measures that operators put into place. That’s why it’s important that any security lapses are identified early in order to prevent further damage.