In a significant breach of technological defenses, MGM Resorts International’s properties strewn across cities like Las Vegas, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio fell victim to a severe cybersecurity attack this week. This incident marks another episode in a series of cyberattacks in Las Vegas, with MGM Resorts being a repeated target.
Each of MGM Britain’s 12 properties in Las Vegas was affected by this cyber onslaught. Las Vegas casinos have always been favored targets for cybercriminals, although many such incidents have been strategically unreported. In response, some casinos have opted to pay ransoms to retrieve their essential data or restore their systems. Notable among the victims is Caesars Entertainment, believed to have incurred a similar attack last week.
In times gone by, there was no legal binding on public companies to disclose instances of cyber-attacks or paid ransoms, which often resulted in tremendous losses. However, the recent rules established by the Securities and Exchange Commission (SEC) mandate the disclosure of cybersecurity incidents and the amount spent on ransoms to alleviate the situation.
In an unprecedented act of state-sponsored cyberterrorism back in February 2014, 75% of the servers of the Las Vegas Sands Corporation were destroyed. The attack caused an estimated loss of $40 million in equipment costs and data recovery, with the company’s outspoken CEO Sheldon Adelson believed to be the primary target.
From May 2014 to December 2015, more than 300 casinos, restaurants, and hotels under the franchise of Texas-based Landry’s experienced strategic breaches at payment points. Hackers installed malicious software that captured valuable card information across the company’s diverse operation points, ranging from food and beverage outlets to spas and other entertainment locations.
The upscale Hard Rock Hotel & Casino suffered multiple breaches from October 2015 to March 2017. Malware infected the casino’s card processing system, levying unapproved access to customer credit card details, and confidential hotel reservation information. The breach was primarily detected when guests reported fraudulent activities linked to their credit cards.
Summer of 2019 witnessed the MGM Resorts International struggle with its first major data breach. This breach led to the exposure of personal data relating to approximately 10 million guests on a Russian hacking forum. Comprising names, postal and email addresses, phone numbers, and even birthdates, this data was later found for sale on the dark web.
Early 2020 saw the Four Queens/Binion’s Gambling Hall shut down for nearly a week following a massive cyberattack. Later, in 2021, gaming tavern Dotty’s fell prey to malware invasion, and an unauthorized entity, leading to a significant data leak. Moving into October 2022, The Palms Las Vegas was targeted, its website left indisposed for over a day due to a malware attack.
These instances reflect the evolving threat landscape of the casino industry. Cyberspace, riddled with such instances of cyber sabotage, continues to pose elusive challenges. And as technology escalates, so does the complexity and depth of these attacks.
