MGM Resorts Thwarts Cyberattack After 10-Day Shutdown, Caesars Pays $15M Ransom for Data Protection


After enduring a 10-day computer shutdown, MGM Resorts announced it has successfully thwarted a cyberattack threat which compromised hotel reservations and credit card processing, thus fully restoring services in its hotel and casino properties. The Las Vegas behemoth used a popular microblogging site to communicate this information, stating that the assault was initially identified on September 10.

In a parallel event, Caesars Entertainment, a notable competitor, divulged to government officials that it too had fallen prey to a similar cyber onslaught on September 7. While their casino and online operations remained unaffected, they could not assure the complete safety of personal information for tens of millions of clients, including highly sensitive data such as driver’s licenses and Social Security numbers of loyalty rewards members. It is believed that Caesars remitted $15 million out of the $30 million ransom demanded by the cyber group, Scattered Spider, in exchange for data protection assurance.

Follow us on Google News! ✔️

In contrast, the repercussions of the MGM attack remain under wraps, leaving many speculating the nature of the compromised data and the financial burden this placed on the company. Observations by Gregory Moody, a cybersecurity expert from the University of Nevada, suggest the computer shutdown could have cost MGM up to $8 million per day, equivalent to a cumulative loss of $80 million; a seemingly minor setback given MGM Resorts’ reported annual revenues well above $14 billion.

Contrary to these concerns, the Las Vegas based company stated that all amenities including resort services, dining, entertainment, pools, and spas were running efficiently, with digital services for dining and spa reservations actively restored. The company is also diligently working towards reactivating hotel booking and loyalty reward functionalities.

Such discerning incidents have exposed glaring cybersecurity deficiencies in MGM and Caesars and shattered the illusion of invincibility that such casino empires often cast. In light of these attacks, industry experts urge all casinos to bolster their defensive measures, continually monitor the integrity of their systems, and execute their incident response processes. This arises from a stark possibility of witnessing an increased frequency of such attacks.

With that being said, it is clear that no system is immune to breach regardless of the defensive infrastructure in place. As Moody suggests, it is not so much a question of if an attack will happen, but rather when it will transpire. In light of this, ensuring the secure operation of an online casino becomes a gargantuan task.