Summary

In this episode, Nick & Don present metrics and theories related to operator reports of significantly increased jackpot activity within North American casinos. They also discuss key areas of interest for this year's G2E trade show in Las Vegas.

Transcript

Nick Hogan:

Good morning, Don. How are things today in the land of Lincoln?

Don Retzlaff:

Morning, Nick, everything’s great. We’ve finally broke the 100 degree days and we’re down to beautiful fall days, temperatures in the 80s, so it’s been a good week. Beat the Bucs all weekend for football, so that was good. And actually bowled well last night too, so it’s been a good week.

Nick Hogan:

Okay, all right. What was your score? Your bowling score always freak me out.

Don Retzlaff:

Well, my middle game was the highlight. I had a spare in the first, then I had the next 11 strikes in a row for 290.

Nick Hogan:

God.

Don Retzlaff:

So it’s the highest game I’ve had in a few years. It’s been, gosh, it’s probably been 10 years since I’ve shot a 300. I had a couple 298s in there. But the 290 last night was pretty nice.

Nick Hogan:

Those are completely insane numbers. Remind me to never go bowling with you ever.

Don Retzlaff:

I’ve been doing it, gosh, I’ve been bowling since 1969, so I’ve been bowling for a long time.

Nick Hogan:

Yeah, yeah, yeah, yeah.

Don Retzlaff:

Had to shut my phone’s off during these things.

Nick Hogan:

No worries. No problem, no problem. Let’s see. Okay, so the big news since our last episode, cyber attacks against MGM and Caesars.

Don Retzlaff:

Very scary.

Nick Hogan:

Man oh man, those were horror stories. So I saw MGM posted this morning that their systems are back online, but boy did it ever disrupt their operations. So it sounded as though virtually every system was affected, so reservations, F&B, loyalty slots, you name it. And my understanding is they’ve been doing hand pays since it started.

Don Retzlaff:

Oh, my.

Nick Hogan:

The free play and loyalty were both locked down. They couldn’t clear credit card transactions and even the room keys were affected. So it went on for 10 days in total. And I saw this morning that the Wall Street Journal estimates that the financial impact was around $8 million a day.

Don Retzlaff:

Yikes.

Nick Hogan:

So that qualifies as an ouchie for sure. And as for Caesars, so that came out in a recent 8-K SEC filing that hackers recently infiltrated and locked down the Total Rewards database demanding a $30 million ransom.

So it appears the hack didn’t go much farther than that, and Caesars was able to negotiate it down to $15 million, which it ultimately paid. And as is so common and maddening with these scenarios, Caesars rightly noted that it can’t guarantee that the data stolen won’t be resold or redistributed, nor that can they really warrant that paying the ransom will truly neutralize the threat. So good on them for stating that. And it really just underscores how loaded with dilemma these situations are.

And it appears that in each case, the hackers gained access by impersonating employees with the IT support desks, and then somehow managed to secure super admin credentials within the identity access management systems. And for anybody who uses those IAM products, you know what this means. It’s the nightmare scenario. It’s effectively a universal passkey.

And I have to say, when you hear these stories recounted in person, I mean, I was recently speaking with some folks at a California property that got nailed and their version of how it unfolded just truly sent chills down my spine. It was just at one point in the night, department after department starts reporting system outages until blamo, everything is locked down. And just trying to imagine the pit in your stomach and the feelings of powerlessness. It’s crazy. So Don, have you ever experienced that? Have you ever been in operation that’s been hacked?

Don Retzlaff:

No, I have not. We had a ransomware attack at one of the properties that affected a single computer, but nothing system wide. We spent a lot of time, a lot of effort on training the teams. And IT would actually send out emails that would try to get people to click on stuff even though they’ve been trained not to. And they would scorecard the employees. And if you missed one, if you had a fake phishing attack and you clicked on it, the managers would get reports and you’d have to retrain people. If you did it again, you retrain people. You did it a third time, it starts costing people their jobs because you can see how serious it is. So I bet all the compliance and all of the IT staffs are gearing up more training here in the very near future.

Nick Hogan:

Yeah. And that’s really the problem with so much of this is it really is, it does come down to those human vulnerabilities, which is really what hit here. And so you can be as locked down as you want to, as possible technically, but still those human frailties are there and it can really cause problems. Oh, well.

Okay. So we did have a couple of listener questions that I wanted to hit. And before I do so, we’d love to tackle any questions that anyone listening may have. So if you have a question about what we’re presenting or something you’d like us to present, please drop us an email at reelcast@reelmetrics.com. Again, that’s R-E-E-L C-A-S-T @reelmetrics.com. Our policy is to keep all questions anonymous, so please speak directly and don’t worry about us revealing your identity. That’s not something we do.

Okay, so the first question comes from a French operator, and it is, “Hi, Nick and Don, love the podcast. Any thoughts about the decision to move the ICE show from London to Barcelona?” So I somehow failed to mention that news item last month. But for anybody who was not aware, Clarion announced in early August that the I-C-E, International Casino Exhibition will move from