Las Vegas Cyberattacks: What happened to MGM and Caesars?

MGM Resorts and Caesars Entertainment in Las Vegas suffered cyberattacks that disrupted casino and hotel operations.

The attacks affected everything from slot machines to payment processing.

Investigations have been launched, with concerns about ransomware threats across industries on the rise. But how did these attacks occur and who is responsible?

MGM Resorts Faces Cyberattack

On Sunday 10 September, MGM Resorts fell victim to a cyberattack, as hackers disrupted access to the company’s casinos and hotels. Several major Las Vegas hotels, including the Bellagio, were affected.

To protect systems and data from the cybersecurity issue, MGM ‘took prompt action’ to protect their systems and data, including shutting down certain systems.

As a result, customers of MGM Resorts were unable to process card payments or access MGM accounts, and confronted issues with the hotel’s digital key system. Alongside the main website, slot machines, ATMs, and lifts were non-functional.

Customers experienced lengthy wait times for room check-ins, whilst some MGM employees reported not receiving their paychecks on time.

What Caused the MGM Attack?

The attack may have started with a phone call and affected various aspects of MGM’s operations.

The breaches were attributed to ‘social engineering’ attacks involving a phone-based impersonation technique known as ‘vishing’, which combines voice and phishing to manipulate human vulnerabilities.

Reported by Vox, the hackers were thought to have discovered an employee’s details on LinkedIn and used this information to impersonate the employee when contacting MGM’s IT help desk. This allowed them to acquire credentials to access and compromise the systems.

How did MGM Respond?

The company went into ‘manual mode’ following the attack. It issued handwritten vouchers and physical room keys to remain as operational as possible.

A message on the company’s homepage stated the site was ‘currently unavailable’ and directed customers to contact the company via phone, or through third-party websites.

On Tuesday 12 September, MGM Resorts released a statement. The hospitality company said it begun an investigation in response to the attack, with assistance from ‘leading external cybersecurity experts’.

“We also notified law enforcement and are taking steps to protect our systems… Our investigation is ongoing, and we are working diligently to resolve the matter,” said the company.

MGM stated it will continue to implement measures to secure its business operations and take additional steps as appropriate.

MGM Ends Computer Shutdown

After 10 days of the cyberattack, MGM Resorts International brought to an end to their computer shutdown.

“We are pleased that all of our hotels and casinos are operating normally,” the company posted on X, formerly Twitter.

The company confirmed resort services, dining, entertainment, pools, spas, and their website/app for dining and spa reservations are operational, with ongoing efforts to restore hotel bookings and loyalty rewards.

Reuters reported guests at Excalibur may experience delays due to ongoing efforts to normalise operations.

Brokerage firm Jefferies said these cyberattacks should be seen as ‘one-time, largely insurable events’ with no significant long-term impact on the business.

Caesars Entertainment Suffers Cyberattack

Caesars Entertainment confirmed it was breached by hackers on September 7, just days before the attack on MGM Resorts.

“Caesars Entertainment recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company,” said Caesars Entertainment in a report to the United States Securities and Exchange Commission.

The company paid the ransom of roughly £12.2 million ($15 million), and avoided customer-facing disruptions, including physical properties and online and mobile gaming applications.

“As a result of our investigation, on September 7, 2023, we determined that the unauthorised actor acquired a copy of, among other data, our loyalty program database,” added Caesars.

The company said the breached data included driver’s license numbers and/or social security numbers for a significant number of members in the database. Its customer loyalty programme has more than 65 million members, the largest loyalty programme in the gaming industry.

Caesars continue to investigate the extent of any additional personal or ‘otherwise sensitive information’ contained in the files acquired by the unauthorised actor.

“We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorised actor,” added the company.

Who Were the Hackers That Caused the MGM and Caesars Attacks?

ALPHV claimed responsibility for both the MGM Resorts and Caesars Entertainment hack, with collaboration from Scattered Spider. The hacking group demanded an unspecified ransom to restore access.

In a statement posted on X on 14 September, ALPHV claimed it still had access to MGM’s infrastructure.

“If a deal is not reached, we shall carry out additional attacks,” said ALPHV.

The alleged hackers said they attempted to reach out to the casino gaming company, but have not received a reply.

Initially, attribution for the attacks was ambiguous. Scattered Spider claimed responsibility for both breaches, but ALPHV contradicted those claims.

Reuters reported Scattered Spider typically uses social engineering to lure users into giving up their login credentials or one-time-password (OTP) codes. The aim is to bypass multi-factor authentication.

Scattered Spider, also known as UNC3944, has a history of targeting telecom and business process outsourcing (BPO) firms. Analyst reports indicated that they have expanded their focus to include critical infrastructure organisations.

What was the Cost of the Las Vegas Cyberattacks?

With 31 unique hotel and gaming destinations globally, MGM could face incredibly high revenue loss. The Las Vegas Review Journal reported that MGM could have lost between £3.3 million ($4.2 million) to £6.7 million ($8.4 million) in daily revenue.

Daily cash flow reduction could hit £808,335 ($1 million) for each day it remained under a cyberattack. Equity analyst David Katz forecasted a potential 10-20% decrease in MGM’s revenue and cash flow for the duration of the current conditions.

Both MGM and Caesars experienced stock price drops and operational disruptions due to the attacks.

Compensation in Many Forms

MGM Resorts extended penalty-free room cancellation options until September 17 for their customers, as they continued to restore booking capabilities.

Larry Flynt’s Hustler Club in Las Vegas offered complimentary services. This included luggage storage, airport pickup, a £977 ($1,200) platinum VIP membership, and lap dances. These efforts were said to be aimed at reducing stress for both customers and employees.

“As members of the hospitality industry, we decided to do our part to help improve the guest experience during their visit to Las Vegas which will in turn alleviate the stress of the employees who are so diligently handling the situation,” said Brittany Rose, General Manager of the Hustler Club, to TMZ.

Concerns of Ransomware Attacks Grow

The Las Vegas cyberattacks have raised concerns regarding ransomware attacks and their affect on various industries.

David Bradbury, Okta’s Chief Security Officer, told Reuters that since August, five of their clients were targeted by the hacking groups ALPHV and Scattered Spider. This included MGM and Caesars. Three other companies in manufacturing, retail, and technology sectors were also targeted.

Hungry for more tech news?

Sign up for your weekly tech briefings!