A cyber intrusion into MGM Resorts’ computer network has led the company to suspend operations at a dozen of its renowned casino hotels in Las Vegas, including notable establishments like the Bellagio, Mandalay Bay, and the Cosmopolitan. The cyberattack has also affected operations at six other MGM properties across the United States.
The cyberattack left hotel guests unable to access their rooms, use the mobile app, or use digital key cards to purchase services. The hotels instead had to process transactions manually. Since Monday evening, MGM’s website has been replaced by a landing page advising guests to contact the company directly by phone.
The company initially detected the problem on Sunday evening and promptly initiated an investigation with the assistance of leading external cybersecurity experts. It also informed law enforcement and took immediate measures to safeguard its systems and data, which included shutting down specific systems, as reported on Monday on X, the platform formerly known as Twitter.
MGM Resorts, a major player in the global casino-hotel industry, generated $14.1 billion in revenue the previous year. Jonathan Halkyard, the company’s CFO and treasurer, revealed during a recent quarterly earnings call that, in Las Vegas alone, “MGM Resorts accommodates approximately 12 million room nights annually.” As of late Monday evening, the casino floors at MGM were functioning, but critical reservation systems for hotel rooms and restaurant bookings were still inaccessible, an outage of more than 24 hours.
“Hospitality has always been a prime target for cybercriminals. This sector holds a treasure trove of personal data including names, passports, addresses and credit card numbers that are sold for profit,” said Martin Zugec, technical solutions director at Bitdefender, a multinational cybersecurity firm.
In 2018, Marriott disclosed a massive data breach that compromised the information of approximately 500 million customers. Over the past decade, major hotel brands such as Hyatt, Hilton, InterContinental, Sheraton, Westin, Starwood, Wyndham, Omni Hotels, and Mandarin Oriental have also experienced significant data breaches, resulting in the exposure of sensitive customer data.
Zugec noted that Bitdefender has recently observed a notable increase in supply-chain attacks targeting hotels. These attacks exploit vulnerabilities in widely used platforms to gain initial access. Just last week, Bitdefender discovered an instance of cybercriminals using zero-day vulnerabilities in a hotel booking engine to steal financial information. Multiple organizations have been affected by this ongoing attack.