MGM losing up to $8.4M per day over 'cybersecurity issue'
MGM Resorts has officially entered its eighth day of “cybersecurity issues” that have silenced slot machines and shut down internal computer systems, costing the hotel and casino chain as much as $8.4 million per day in daily revenue.
David Katz, a gaming industry analyst with Jefferies Group, issued a note estimating that MGM could take a hit of between 10% and 20% on revenue and cash flow.
The company generates some $42 million in revenue and $8 million in cash flow daily, according to Katz.
MGM and Caesars Entertainment, the largest casino operator in the world, both fell victim to a suspected cyberattack carried out by hackers.
ALPHV, the hacking group, is believed to have used ransomware in their attack on MGM Resorts, which was forced to shut down its computer systems thus disabling hotel room pass cards, booking system, and machines on the casino gaming floor.
MGM guests posted videos to social media showing broken slot machines, downed elevators, long lines at the check-in counter, and cash-only payments for certain casino operations.
Caesars reportedly agreed to pay $15 million in ransom to the suspected hackers, enabling the company’s systems to go back online.
MGM is refusing to pay — thus limiting its ability to do business at full strength across its 14 hotels and casinos in Vegas, including the Bellagio, Aria, MGM Grand, NoMad, and Mandalay Bay.
Employees of the casinos told the Las Vegas Review-Journal on Monday that they hadn’t been paid as of Friday, though the company said that payroll had been met as planned.
“Although the issue is affecting some of the Company’s systems, the vast majority of our property offerings currently remain operational, and we continue to welcome tens of thousands of guests each day,” MGM Resorts said in a statement posted to their website.
“We are ready to welcome you.”
A reporter for the tech news site 404 who went to the MGM Grand said that food ordering kiosk touchscreens, which are the only way for customers to order food and drink, have yet to come back online as of Monday.
The reporter also observed that the giant video billboard for the Aria had “tons of flashing pixels, dead areas, and general software gore.”
The 404 writer also “encountered many broken escalators” as well as kitchen management computer screen that weren’t working.
Workers at the food court were relegated to taking down orders by pen and paper.
“It’s like we’re back in the caveman days,” an employee told 404.
Restaurants and bars in the casinos were unable to open tabs, thus requiring that all food be ordered at one time.
Customers were also denied the option of splitting checks within a party or splitting payment methods.
Guests who tried to cash out their winnings from the slot machines that were functioning had to be paid manually because the ticket-in-ticket-out systems weren’t working, according to the Review-Journal.
In his report, Katz said that the damages from the cyberattack would be covered by insurance, but to what extent is not clear.
“Our impression of the impact to MGM is that business remains operable and credit card use is possible, albeit manual, while more transactions are cash-based than usual,” he said.
The Post has sought comment from MGM Resorts and Caesars.