Cyberattack on MGM Resorts knocks out casino operations and computer systems company wide

The Nevada Independent
 
Cyberattack on MGM Resorts knocks out casino operations and computer systems company wide
Super Slots

Most slot machines were offline in MGM’s Strip casinos Monday, while customers had to wait for payouts from attendants.

Arizona resident John Hass checked out of his room at New York-New York Monday morning and walked over to Excalibur to play the slot machines before heading to the airport for his afternoon flight to Tucson.

He was told a computer glitch had taken down most of the games inside New York-New York.

Hass found a playable slot machine at Excalibur. However, he had to wait 30 minutes for a payout by a slot machine attendant of his $136.25 credit on the game.

“Luckily, my flight is not until 5 p.m.,” he said.

MGM Resorts International said Monday the company was the victim of a cyberattack that had taken down many computer systems as well as its website. The issues affected MGM properties (including New York-New York and Excalibur) in the eight states where the company operates, including the Strip.

An MGM spokesman, using a Gmail account because his company email was not working, said company officials first detected system outages on Sunday evening. In a statement Monday morning, MGM Resorts said it began an investigation with the help of cybersecurity experts.

“We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems,” MGM said in the statement. “Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”

The attack also affected the ability of customers to make or access their hotel reservations on the company’s website, disabled digital entry to hotel rooms, and shut off the use of credit cards and casino management systems that oversee slot machines and cashless gaming. Luxor had also suspended paid parking as of Monday morning.

The computer issues didn’t affect private vendors in food courts and retail areas inside MGM casinos.

“We’re able to accept payments just fine,” said a clerk at a novelty socks store in Excalibur.

The casino floor was a different story.

Several slot machines flashing “call attendant” messages with payouts of just a few dollars were left abandoned. One Excalibur guest, who was sitting in front of a game with a $1,500 payout, said he “wasn’t going anywhere,” adding that he’d been waiting for at least 45 minutes.

A few minutes later, an Excalibur slot attendant arrived.

One guest from Montana, who asked that her name not be used, was staying at Excalibur when she learned the slot machines were not working properly. She walked to Luxor to find a slot machine that was working. However, she then had to wait for a slot attendant to pay a $70.50 credit on the game.

Most of the slot machines inside Luxor had tape over their ticket in-ticket out vouchers and cash validators saying the game was “out of order.”

Table game areas appeared to be closed at both Luxor and Excalibur on Monday morning.

The Nevada Gaming Control Board declined to comment.

In a message on mgmresorts.com, MGM posted phone numbers for its 11 Strip properties and casinos in other states and asked guests to contact concierge services for assistance.

Several guests sitting with their luggage at Luxor said they had checked out without any difficulty using the company’s mobile app.

Hass said he was able to check out of his room at New York-New York, but a front desk worker could only provide him with a written statement of his hotel bill.

on the New York Stock Exchange Monday, but analysts said the decline could be attributed to several gaming companies reporting lower-than-expected monthly results in states outside of Nevada.

MGM Resorts was the victim of a cyberattack in 2019 that targeted a cloud server hosting the personal information of hotel guests. Some 10.6 million records were stolen and 1,300 people had information compromised, such as driver’s licenses and passport numbers.

Cyberattacks on casinos were a topic in December at the National Council of Legislators from Gaming States (NCLGS) conference at Resorts World Las Vegas, with a warning by cyber security experts that attacks could take place.

The most high-profile cyberattack on the casino industry happened in 2014 on Las Vegas Sands Corp., when an attack linked to Iran infected the casino company’s computer systems with malware and shut down three-quarters of its Las Vegas servers.

Sands admitted a month after the attack that customer and employee data, including Social Security numbers, driver’s license numbers and passport numbers, were stolen in the highly sophisticated intrusion. The company temporarily removed its individual casino websites and its corporate website from the Internet.

The cost of recovering data and building new systems cost Las Vegas Sands roughly $40 million.