–
How was MGM Resorts hacked? A cyberattack that lasted for days
In September 2023, MGM Resorts, one of the largest casino and hospitality operators worldwide, suffered a significant cyberattack that crippled its operations for nearly a week. The incident disrupted some of the most iconic properties on the Las Vegas Strip, such as the Bellagio, the Cosmopolitan, and the Mandalay Bay, along with other MGM-owned resorts across the United States.
During the breach, guests faced a range of issues, including malfunctioning slot machines, ATMs, digital key cards, electronic payment systems, and online reservations. In certain instances, MGM reportedly reverted to pen-and-paper methods to process transactions. As a gesture of goodwill, the company waived change and cancellation fees for travelers unable to utilize their original bookings.
Although MGM swiftly implemented remediation measures, the cyberattack’s short-term impact—loss of revenue and tarnished customer trust—was profound. Even in 2025, many in the industry continue to analyze this event as a high-profile example of ransomware and social engineering attacks on large-scale enterprises.
Related reading:
But who was behind this attack and how did they manage to breach MGM’s systems? Here’s what we know so far.
Who cyber attacked MGM?
Shortly after the incident, various cybersecurity researchers began attributing the breach to a hacking group known as Scattered Spider, thought to be a subgroup of the ALPHV ransomware gang (also referred to as BlackCat). ALPHV has gained notoriety since 2020 for deploying sophisticated malware to encrypt corporate data and demand hefty ransoms for its release.
Scattered Spider also claimed responsibility for a near-simultaneous hack on Caesars Entertainment, another Las Vegas casino giant. Subsequent reporting suggested Caesars may have paid roughly half of a $30 million ransom to protect the confidentiality of data stolen from its loyalty program database 11. This database reportedly contained the personal information of millions of customers.
How did Scattered Spider hack MGM?
While comprehensive technical details did not fully emerge until well into 2024, investigators pieced together how Scattered Spider may have gained initial access. Based on findings from Ars Technica 22, the group specialized in vishing (voice phishing), whereby attackers impersonated IT staff or vendors over the phone. By targeting unwitting employees, they harvested legitimate login credentials—then escalated privileges to access critical systems.
New evidence surfaced in late 2023 showing that Scattered Spider used multi-factor authentication (MFA) fatigue tactics, repeatedly prompting targeted employees for MFA approvals until one was mistakenly granted. Once inside, the attackers exfiltrated sensitive data and deployed ransomware that encrypted portions of MGM’s IT infrastructure, leading to days of operational disruption.
Additional resources:
Has MGM been hacked before?
Yes. MGM Resorts suffered a data breach in 2019 that exposed personal information for up to 10.6 million customers, including high-profile individuals. The stolen data—names, phone numbers, email addresses, and birth dates—later appeared on online forums for anyone to download 33. Following the 2019 breach, MGM claimed to have bolstered its cybersecurity infrastructure; however, the 2023 incident highlighted that social engineering remains a potent threat, even for organizations with reinforced digital defenses.
Press Release:
What was the fallout of the MGM Resorts hack?
Though the initial disruption in September 2023 lasted under a week, the financial and reputational consequences have extended well into 2025. Key impacts include:
- Revenue and operational losses: MGM reported a $100 million hit to its third-quarter 2023 results as a direct consequence of systems forced offline 44.
- Regulatory scrutiny: The Federal Bureau of Investigation (FBI) launched a formal inquiry, and the Nevada Gaming Control Board investigated to ensure MGM complied with state-mandated cyber incident reporting.
- Customer trust: MGM faced critical brand damage, with negative sentiment across social media and some guests hesitant to trust MGM’s online booking and loyalty program platforms.
- Class action lawsuits: By early 2024, several groups of plaintiffs filed class action suits claiming MGM’s security measures were inadequate. As of 2025, some of these cases remain active, while others have settled confidentially.
- Strengthened cybersecurity: In late 2024, MGM committed to an additional $50 million investment in endpoint protection, cloud security, and employee training to mitigate future social engineering threats.
Learn more:
How were guests affected by the MGM Resorts hack?
Guests encountered a variety of inconveniences in the immediate aftermath:
- Slot machines and ATMs malfunctioning or offline
- Digital key cards failing to unlock hotel rooms
- Electronic payment systems rejecting credit cards
- Online reservations inaccessible or stuck in pending status
- TV service and phone lines down in certain hotel rooms
- Sportsbooks temporarily shuttered
- Long lines at check-in desks, restaurants, and bars
- Cash-only transactions or manual credit card imprinting in some locations
Customer reaction was mixed—some criticized MGM for not having robust contingency plans, while others commended staff members who worked diligently under difficult circumstances. By October 2023, MGM had largely restored normalcy, though sporadic system glitches reportedly persisted through early 2024.
Related coverage:
Was any customer info stolen in the 2023 MGM Resorts data hack?
Following an internal investigation completed in Q1 2024, MGM Resorts publicly confirmed that customer data was accessed, potentially including:
- Name
- Contact information
- Gender
- Date of birth
- Driver’s license number
For a smaller subset of guests, Social Security numbers and passport details were also compromised 55. MGM continued to maintain in its 2024 updates that there was no evidence the data had been widely exploited for identity theft or account fraud. Nonetheless, customers were encouraged to use credit monitoring and fraud alert services. As part of several legal settlements, MGM offered free identity protection subscriptions to impacted individuals.
See also:
What happened to MGM Resorts shares after the attack?
MGM’s stock (NYSE:MGMNYSE: MGM) saw an immediate reaction when news of the hack broke. Shares dropped about 4.1% in two trading days, closing at $41.99 on September 12, 2023, down from $43.79 on September 8. Although the stock rebounded slightly by mid-September, it remained under pressure throughout Q4 2023 as analysts weighed potential legal liabilities and brand damage.
However, travel and tourism demand rebounded strongly in 2024, boosted by continued post-pandemic recovery. As of January 2025, MGM’s share price is hovering around the mid-$50 range, supported by robust hospitality and gaming revenues and a general upswing in the Las Vegas travel market.
Was there any previous cyberattack in Las Vegas?
Yes. In February 2020, the City of Las Vegas reported a cyberattack on its municipal network. Prompt detection and rapid remediation measures prevented any large-scale data leak or extended shutdown. The city credited robust incident response protocols for averting more severe disruptions. Moreover, Caesars Entertainment separately confirmed an incident in September 2023 (around the same time as MGM’s) that compromised loyalty program data for millions of customers.
These events underscored Las Vegas’s status as a prime target for cybercriminals, given the concentration of casinos, hotels, and high-value financial transactions. In 2024, Nevada lawmakers began contemplating stricter cybersecurity regulations for the state’s gaming industry, but no final legislative package had been enacted as of early 2025.
Further reading:
In an era of high-profile cyberattacks like those faced by MGM Resorts and other global organizations, Inszone stands out as an industry leader in Cyber Liability coverage. We offer robust strategies to help businesses withstand data breaches, ransomware demands, and other cyber threats. Protect your company’s critical assets and reputation—contact Inszone now to learn how their customizable Cyber Liability solutions can fortify your digital defenses.
References
: Hackers claim MGM cyberattack as outage drags into fourth day | TechCrunch
: A phone call to helpdesk was likely all it took to hack MGM | Ars Technica
: The MGM Resorts is operational after cybersecurity issue – CNN
: MGM Resorts says data breach exposed personal information – BBC News
: MGM Stock Price | MGM Resorts International Stock Quote (U.S.: NYSE) | MarketWatch
Disclaimer: The information above is based on publicly available sources and reported details as of January 2025. Future developments, legal proceedings, and additional disclosures by MGM Resorts or law enforcement may alter the scope and specifics of the incident.
Fatima Gomez, CCIP, WCIP
