In a shocking turn of events, a major cyberattack has crippled the computer systems of MGM Resorts, causing the temporary closure of a dozen of the most renowned casino hotels in Las Vegas. This unprecedented attack, which also affected half a dozen other MGM properties across the United States, left hotel guests stranded outside their rooms for hours, unable to utilize their digital key cards for transactions. As a result, the hotels had to resort to manual processes, throwing operations into chaos.
Since Monday evening, MGM Resorts’ website has been replaced with a simple splash page, directing guests to contact the company via phone. The breach was initially detected on Sunday evening, prompting MGM to launch an investigation with the assistance of leading external cybersecurity experts. Law enforcement, including the FBI, was promptly notified, and immediate action was taken to safeguard their systems and data, including the shutdown of certain systems. As of now, the FBI’s involvement continues as they work to uncover the extent and impact of the breach.
MGM Resorts, one of the world’s largest casino-hotel companies, reported an impressive $14.1 billion in revenue in the previous year. In Las Vegas alone, the company accommodates approximately 12 million room nights annually. This staggering scale underscores the significance of the cyberattack on such a prominent player in the hospitality industry.
By late Monday evening, while the casino floors at MGM properties were operational, the vital reservation systems for hotel rooms and restaurant bookings remained offline for more than 24 hours. As the situation continues to develop, MGM Resorts has not yet responded to inquiries from Forbes.
In the earnings release for the quarter ending on June 30th, MGM revealed a remarkable 96% occupancy rate for its Las Vegas Strip hotels. These hotel rooms generated an astounding $707 million in revenue compared to $492 million from the casinos during the same three-month period. This data highlights that MGM’s Vegas Strip properties typically generate an estimated $8 million per day in hotel room revenue alone.
“Cybercriminals have long recognized the hospitality sector as a prime target,” remarks Martin Zugec, the Technical Solutions Director at Bitdefender, a multinational cybersecurity firm. He points out that the sector holds a treasure trove of personal data, including names, passport details, addresses, and credit card information, all of which are highly valuable on the black market.
The past decade has witnessed a series of high-profile data breaches at major hotel brands, including Marriott, Hyatt, Hilton, InterContinental, Sheraton, Westin, Starwood, Wyndham, Omni Hotels, and Mandarin Oriental. In 2018, Marriott disclosed a colossal breach that compromised the data of half a billion customers. These breaches typically target personal data and are often discovered after the fact, resulting in compromised customer information.
More recently, Bitdefender has observed a troubling trend in supply-chain attacks targeting hotels. These attacks exploit vulnerabilities in popular platforms to gain initial access, a strategy that has been increasingly effective. Just last week, Bitdefender uncovered an instance where cybercriminals used zero-day vulnerabilities in a hotel booking engine to pilfer financial information. Multiple organizations fell victim to this ongoing attack, emphasizing the ever-evolving and sophisticated nature of cyber threats.
What sets the MGM attack apart from the majority of breaches is its disruptive impact on the daily operations of the affected hotels, a disruption that persisted for an extended period. While cyberattacks typically focus on data theft, this attack delivered a crippling blow to the functionality and services of the casinos and hotels, causing considerable chaos and inconvenience for guests.
The repercussions of this cyberattack extend beyond MGM Resorts alone, casting a stark spotlight on the vulnerability of the entire hospitality industry. The industry must confront the urgent need for enhanced cybersecurity measures to safeguard not only customer data but also the uninterrupted operation of their establishments.
In the wake of this incident, experts and industry insiders are left wondering about the motives behind the attack, the extent of the data compromised, and the lessons to be learned.
MGM Resorts’ Response:
MGM Resorts’ immediate response to the cyberattack demonstrates a commitment to protecting its guests and their data. Upon detecting the breach, the company wasted no time in launching an investigation, enlisting the expertise of external cybersecurity professionals. Simultaneously, law enforcement agencies, including the FBI, were informed of the incident.
The FBI’s involvement underscores the gravity of the situation. Cyberattacks of this magnitude are not only a threat to individual companies but also to national security and the economy. The ongoing investigation will seek to identify the perpetrators, assess the full scope of the breach, and uncover any potential motives.
The Impact on Guests:
For the guests of the affected MGM Resorts properties, the cyberattack brought about a nightmarish experience. Locked out of their rooms for hours, guests found themselves unable to access their accommodations or use their digital key cards for transactions. This disruption not only inconvenienced guests but also posed questions about the security and reliability of digital systems in the hospitality industry.
In response to the digital lockdown, the hotels had no choice but to resort to manual processes to facilitate guest transactions, a significant departure from the seamless and efficient digital experience that guests expect. This incident highlights the critical importance of maintaining robust backup systems and contingency plans in the event of a cyberattack.
The Fallout for MGM Resorts:
The repercussions of the cyberattack on MGM Resorts are significant and multi-faceted. Beyond the immediate financial implications of the shutdown and the costs associated with investigating and mitigating the breach, the incident has cast a shadow over the company’s reputation.
In an era where data privacy and cybersecurity are paramount concerns for customers, MGM Resorts must work diligently to restore trust and reassure its guests that their personal information is secure. The fallout from this incident serves as a stark reminder to all companies of the potential consequences of lax cybersecurity measures.
Lessons for the Hospitality Industry:
The cyberattack on MGM Resorts serves as a sobering lesson for the entire hospitality industry. It underscores the need for comprehensive cybersecurity measures that encompass both data protection and the safeguarding of critical operational systems.
As cyber threats continue to evolve and grow in sophistication, businesses in the hospitality sector must invest in robust cybersecurity strategies, employee training, and incident response plans. Furthermore, supply-chain attacks, as demonstrated in this case, are an emerging threat that requires heightened vigilance and proactive security measures.
Ultimately, the hospitality industry must prioritize cybersecurity as a core component of its business strategy, recognizing that the cost of neglecting this critical aspect can extend far beyond the financial realm, affecting both reputation and customer trust.
In conclusion, the cyberattack on MGM Resorts is a stark reminder of the evolving and pervasive nature of cyber threats in today’s interconnected world. As the investigation unfolds and the fallout is assessed, it is clear that this incident will leave a lasting impact on the company and the broader hospitality industry. It serves as a wake-up call for businesses to prioritize cybersecurity, not only to protect data but also to ensure the uninterrupted delivery of services to their customers.