Casino Giants Under Siege: The MGM Resort’s Cyberattack Saga

According to a recent Forbes article, MGM Resorts (one of the world’s largest casino-hotel companies) fell victim to a devastating cyberattack. This attack forced the company to shut down operations at several iconic casino hotels in Las Vegas, including the Bellagio, Mandalay Bay, and the Cosmopolitan, along with several other MGM properties across the United States. The breach left hotel guests locked out of their rooms, disrupted essential services, and even led to manual transaction processing. Let’s delve into the details of this significant cyber incident and its implications.

The Attack Unfolds

The cyberattack on MGM Resorts came to light when the company detected an issue on a Sunday evening. They acted swiftly, initiating an investigation with the assistance of cybersecurity experts and notifying law enforcement. In response, they took immediate steps to protect their systems and data by shutting down certain systems. However, the attack’s impact was far-reaching, affecting not only the company’s operations but also its guests. 


Guests’ Ordeal

Hotel guests found themselves locked out of their rooms for hours, unable to use the mobile app or digital key cards for transactions. This disruption forced the hotels to resort to manual transaction processing, causing considerable inconvenience to both guests and staff. The iconic Las Vegas casinos were partially operational, but critical reservation systems for hotel rooms and restaurant bookings remained offline for more than 24 hours. 


The Fallout

MGM Resorts, a financial giant in the casino-hotel industry, reported $14.1 billion in revenue just last year. Las Vegas alone witnesses approximately 12 million room nights booked with MGM annually. This cyberattack timing could not have been worse, as it disrupted operations during a period when MGM’s Las Vegas Strip hotels boasted a 96% occupancy rate, generating massive daily revenue. 


The Cybersecurity Challenge

The hospitality industry, including casino hotels, has long been a prime target for cybercriminals. These establishments store vast amounts of personal data, including names, passports, addresses, and credit card numbers, making them attractive targets for cyberattacks aimed at profiting from stolen information. Recent years have seen a slew of high-profile data breaches affecting major hotel brands, underlining the industry’s vulnerability. 


A New Trend in Cyberattacks

Cybersecurity experts have observed a worrying trend in cyberattacks targeting hotels, with an increasing focus on supply-chain attacks. These attacks exploit vulnerabilities in popular platforms to gain initial access. Notably, there have been instances of cybercriminals using zero-day vulnerabilities in hotel booking engines to steal financial information, indicating a growing sophistication in attack methods. 



The cyberattack on MGM Resorts serves as a stark reminder of the ever-present threat to data security in the digital age. While many attacks focus on data theft, this incident stands out for its disruptive impact on daily business operations. As MGM Resorts works tirelessly to recover and restore its systems, the incident underscores the need for heightened cybersecurity measures across all sectors, especially in industries that handle sensitive customer data. The consequences of a cyberattack can be not only financial but also deeply disruptive, affecting both businesses and their customers. 

In today’s ever-evolving digital landscape, it’s crucial to recognize that both known and zero-day vulnerabilities are a part of the cybersecurity landscape. Attackers are constantly seeking new ways to exploit weaknesses in software and systems and these threats can have serious consequences for both organizations and individuals. The key takeaway from this incident is that cybersecurity is an ongoing process, and staying informed and prepared is the best defense for known and zero-day vulnerabilities. 

Scroll to Top