Useless slots and cash bars annoy casino-goers after MGM cyberattack
MGM Resorts International has been saying its hotels and casinos are operational after a cyberattack over the weekend that appeared to take down everything, including payment systems and sports books.
Some of its patrons begged to differ.
Scanning a largely empty casino floor at the MGM Grand in Las Vegas on Tuesday, Marina Lopez said the hack has been a hassle. Restaurants were taking only cash, as was the poolside bar: She had to pay cash for a margarita the previous day.
An even bigger annoyance greeted guests eager to try their hand at the slot machines. Many one-armed bandits, she said, weren’t working.
“People came to play, they couldn’t play, and they left,” said Lopez, a hotel guest from Santa Cruz.
Days after the cyberattack on Las Vegas-based MGM, the fallout at its properties along the town’s famous strip varied from casino to casino.
Sports books were closed at the Cosmopolitan and MGM Grand. Several guests faced long waits to check in because employees was doing everything by hand, jotting down credit card information on clipboards. Slot machine attendants cashed out players the same way.
Many of the websites for MGM’s resorts, including the ones used to make reservations, remained down Wednesday morning. The company was referring customers to third-party websites to make bookings.
“Our investigation is ongoing, and we are working diligently to resolve the matter,” MGM said in a statement Tuesday. “The company will continue to implement measures to secure its business operations and take additional steps as appropriate.”
Moody’s Investors Service published a report Wednesday describing the cyberattack as “credit negative” for MGM Resorts, saying it “highlights key risks related to business operations’ heavy reliance on technology and the operational disruption caused when systems need to go offline or are inoperable.” Additional risks include potential revenue losses while systems were down, reputational risk and any direct costs related to investigation and remediation, Moody’s said.
The report also notes that BitSight, a cybersecurity ratings and analytics company, most recently scored MGM an F for its patching cadence, or the speed an organization remediates exposure to known vulnerabilities. MGM didn’t immediately respond to a request for comment on BitSight’s grade.
In Las Vegas on Tuesday, more than half of the guests interviewed at the Cosmopolitan and the Bellagio, which seemed largely unaffected, weren’t aware of the hack. By midday Tuesday, credit cards were being accepted in at least some MGM resorts.
Details of the attack remain scant, including who was behind it, their possible motive and the type of information the hackers may have obtained. The FBI office in Las Vegas was aware of the attack and assisting, an agency spokesperson said. MGM was also the victim of a 2019 data breach that exposed personal information of as many as 10.6 million customers.
MGM shut certain systems after discovering the attack over the weekend and began an investigation with the help of external cybersecurity experts, according to a statement posted on social media. By Monday evening, MGM was saying its resorts, including dining, entertainment and gaming, were “currently operational.”
Clearly not without some snags.
A waiter at the Cosmopolitan, who asked not to be identified, said that credit card payments were working, but that online orders and communications between properties remained down.
Traffic at the MGM Grand was noticeably light. A number of slot machines weren’t functioning, and an ATM wasn’t providing cash advances.