UPDATE: ‘Cybersecurity issue’ takes down systems at MGM Resorts, affects gaming operations

September 11, 2023 4:03 PM
Photo: Shutterstock
  • Cory Roberts, CDC Gaming Reports
September 11, 2023 4:03 PM
  • Cory Roberts, CDC Gaming Reports

Early Monday morning, MGM Resorts issued notice of a cybersecurity issue that has taken down key systems in the company’s operations.

Story continues below

MGMResorts.com as of 11:40 am ET, on 9/11/2023

The scope of the issue is not yet fully understood, but company email is down, leading MGM to communicate the issue via a Gmail account. All pages on the company’s website for casinos across the United States, including the reservation system, are down and are redirected to a basic page with a white background directing visitors to call concierge for service.

Later in the morning, it appears the issue has crept into the gaming floor, with a photo of dozens of slot machines offline at Aria on the Las Vegas Strip popping up on social media platform X at 9:17 am PT. In another thread on X, multiple people are reporting that slots are down at Borgata in Atlantic City and MGM Northfield in Ohio as well.

Slot machines at Aria offline at 9:17 am PT, photo courtesy of @ob1989 on X.

Fox 5 Las Vegas reported early in the morning that all computer-based operations at Bellagio are being done manually and that credit card machines are not functioning, making operations cash only. Gambling writer David Danzis in Atlantic City confirmed the issue is affecting Borgata, and a guest at MGM Grand Detroit reported the same issues with credit card machines, suggesting that the issues are happening at MGM casinos nationwide. At the same time, guests are reporting that ATMs are down, and some are locked out of their rooms because the app—and therefore the digital keys—is not operational.

While details will be released as they are known, MGM Resorts notified law enforcement, which suggests the incident is a cyberattack. According to a statement by the company, some of the systems were shut down out of precaution for the systems and their data and may be unaffected by the apparent breach. The company’s statement in its entirety is below:

“MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”

MGM stock was down 2.37% to $42.70 at market close.

CDC Gaming Reports reached out to MGM Resorts Monday morning to ask if gaming operations are affected in any way and will update the article if a response is issued.

MGM Macau appears to be unaffected by the cybersecurity issue, but BetMGM customers in Nevada are unable to login, according to the Associated Press.

The incident is not the first cybersecurity incident involving MGM. In 2020, the details of 10.6 million guests were published publically online. According to ZDNet, who verified the legitimacy of the data, it contained personal details such as full names, home addresses, phone numbers, emails, and dates of birth for guests ranging from tech CEOs, to government officials, to Justin Bieber. Upon being notified of the data release, MGM was able to pinpoint it to a cybersecurity incident in the summer of 2019 and said affected guests were notified in accordance with applicable state laws.