The MGM Resorts Cyber Attack Is Still Causing Chaos After 5 Days
The massive data breach follows a similar attack on Caesars Resorts last week.
MGM Resorts is on day five of a nightmarish cyber attack that has completely shut down the company's online operations. Initially, the resort did not confirm that the issues were the cause of a cyber attack—only that there were cybersecurity issues at hotels and casino floors in Las Vegas, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio. Customers were told not to handle bookings or anything related to stays through the MGM, and the MGM Resorts website directed customers to handle their bookings over the phone.
Then, on September 12, MGM Resorts issued a statement formally addressing the issue:
"MGM Resorts recently identified a cybersecurity issue affecting certain of the Company's systems. Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The Company will continue to implement measures to secure its business operations and take additional steps as appropriate."
By Thursday, news reports confirmed that MGM was the victim of a cyber attack. The FBI confirmed that it was investigating the incident. At the same time, Caesars Entertainment reported that the company had also been the victim of a cyber attack, and had paid a ransom, according to ABC News. Cybersecurity researcher V-X Underground reported that a group called ALPHV ransomware group was able to breach MGM's system by finding an employee on LinkedIn, and making a phone call. Bloomberg reported that the same group was responsible for the attack on Caesars.
At MGM, the attack has affected hotel booking, restaurant reservations, betting systems, and corporate email accounts. Some customers also reported not being able to use room keys. Reporting from KTVN Las Vegas revealed that MGM properties in Las Vegas seemed to have returned to normal operations, aside from long waits at front desks. On social media, some guests are saying it's a bit more intense: slot machines are reportedly being paid out manually by an employee, and the process has a wait time anywhere between 20 minutes to an hour.
The MGM Resorts website has a notice on its website advising what customers and guests can do while this attack continues to hobble the system.
"We apologize for the inconvenience. For restaurant options and reservations, please download the MGM Rewards App. To make a reservation for a resident artist, production show, or attraction please visit Ticketmaster.com. To purchase tickets for UFC, Las Vegas Aces, Vegas Golden Knights or a concert event at an Arena please visit AXS.com," the website states.
"For hotel reservations arriving September 13-17, 2023, we understand your travel plans may have changed, so we are waiving change and cancellation fees."
The process for how to go about canceling your booking is currently unclear. Phone numbers were previously listed on the MGM Resorts website, but are no longer listed. It does seem that those changes would need to be done over the phone, as all website booking functions are down. As of September 14, when you call the Central Booking phone number, 855-788-6775, an automated voice informs callers that MGM Resorts is not accepting phone calls due to technical difficulties.
In an update on Thursday afternoon, MGM thanked employees for their work and guests for their "continued patience."
If you have been affected by a data breach, there are specific steps you can take, according to Experian. First, if your information was compromised in a breach, the company that was breached is required to notify you. Right now, it might be too soon to determine exactly how the cyber attack against MGM will affect customers. But in the event that your data has been exposed, these are steps to take.
"If you're notified that your personal information was exposed in a data breach, act immediately to change your passwords, add a security alert to your credit reports and consider placing a security freeze on your credit reports," Experian advises.
Looking for more travel tips?
Whether you need help sneaking weed onto a plane, finding an airport where you can sign up for PreCheck without an appointment, or making sure you’re getting everything you’re entitled to when your flight is canceled, we’ve got you covered. Keep reading for up-to-date travel hacks and all the travel news you need to help you plan your next big adventure.