2023 Cyber Attack & Breach on the MGM Resort Explained

1 April 2024

How was MGM Resorts hacked? A cyberattack that lasted for days

MGM Resorts, one of the largest casino operators in the world, was hit by a cyberattack that disrupted its operations for several days in September 2023. The attack affected some of the most iconic properties on the Las Vegas Strip, such as the Bellagio, the Cosmopolitan and the Mandalay Bay, as well as other MGM resorts across the US. Guests reported issues with slot machines, ATMs, digital key cards, electronic payment systems and online reservations. The company had to resort to using pen and paper for some transactions and waived change and cancellation fees for affected bookings.

But who was behind this attack and how did they manage to breach MGM’s systems? Here’s what we know so far.

Who cyber attacked MGM?

According to TechCrunch, a hacking group known as Scattered Spider claimed responsibility for the MGM cyberattack. Scattered Spider is believed to be a subgroup of the ALPHV ransomware gang, which has been active since 2020 and targets large organizations with sophisticated malware that encrypts their data and demands payment for its release.

Scattered Spider is also suspected of being behind a recent cyberattack on another hotel and casino giant, Caesars Entertainment, which reportedly paid about half of the $30 million ransom demanded by the hackers to prevent the disclosure of stolen data. Caesars confirmed that hackers stole its loyalty program database, which included personal information of millions of customers.

How did Scattered Spider hack MGM?

The exact details of how Scattered Spider hacked MGM are not yet known, but security researchers have some clues based on the group’s previous attacks. According to Ars Technica, Scattered Spider uses fraudulent phone calls to employees and help desks to “phish” for login credentials. The hackers then use these credentials to access the network and deploy their ransomware.

This technique is known as vishing, or voice phishing, and it relies on social engineering and impersonation skills to trick unsuspecting victims into giving away sensitive information. Scattered Spider has been known to pose as IT staff, vendors or partners of the targeted organization and use spoofed phone numbers to make their calls look legitimate.

Has MGM been hacked before?

Yes, MGM has been hacked before. In 2019, MGM Resorts suffered a data breach that exposed personal information on as many as 10.6 million customers, including celebrities, journalists and government officials. The stolen data included names, phone numbers, email addresses and dates of birth. The hackers later posted the data online for anyone to download.

MGM Resorts said at the time that it notified affected customers and offered them free credit monitoring services. The company also said that it had “strengthened and enhanced” its security measures since the 2019 breach.

What was the fallout of the MGM Resorts hack?

The fallout of the MGM Resorts hack is still unfolding, but it is likely to have significant financial and reputational consequences for the company. MGM Resorts is one of the largest employers in Nevada, with more than 70,000 workers. The company also operates resorts in other states, such as Maryland, Massachusetts, Michigan and New Jersey.

The cyberattack could result in lost revenue from disrupted operations, reduced customer loyalty and trust, increased legal liability and regulatory scrutiny, and higher costs for cybersecurity improvements and remediation. The attack could also damage MGM’s brand image and competitive advantage in the highly lucrative gaming and hospitality industry.

How were guests affected bythe MGM Resorts hack?

Guests were affected by MGM Resorts in various ways, depending on the property they stayed at and the services they used. Some of the common issues reported by guests were:

  • Slot machines and ATMs not working or dispensing cash
  • Digital key cards not opening hotel rooms
  • Electronic payment systems not accepting credit cards
  • Online reservations not available or confirmed
  • TV service and phone lines down in hotel rooms
  • Sportsbooks closed or not taking bets
  • Long queues at check-in desks, restaurants and bars
  • Cash-only transactions at some venues
  • Pen and paper used for some transactions

Some guests expressed frustration and disappointment with the situation, while others were more understanding and sympathetic. Some guests also praised the staff for their professionalism and helpfulness during the outage.

Was any customer info stolen in the 2023 MGM Resorts data hack?

According to a press release from MGM Resorts, the affected information included name, contact information, gender, date of birth, and driver’s license number for some of its customers who used MGM services before March 20191. For a limited number of customers, Social Security number and/or passport number was also affected. The company said it has no evidence that the hackers have used this data to commit identity theft or account fraud2. The cyber-attack also caused a $100 million hit to the company’s third-quarter results, as it had to shut down certain systems and restore its operations4. The FBI is investigating the breach, which is believed to have started with a social engineering attack on the company’s IT service desk5.

What happened to MGM Resorts shares after the attack?

MGM Resorts shares fell 4.1% in two days after the attack was revealed. The stock closed at $41.99 on Tuesday, September 12th, 2023, down from $43.79 on Friday, September 8th, 2023. The stock has since recovered some of its losses and closed at $42.65 on Friday, September 15th, 2023.

Regardless, MGM Resorts shares have been performing well this year, thanks to the recovery of travel and tourism demand after the COVID-19 pandemic.

Was there any previous cyberattack in Las Vegas?

Yes, there was a previous cyberattack in Las Vegas. In February 2020, the city of Las Vegas reported that it experienced a cyberattack that attempted to breach its network. The city said it detected the attack early and took steps to protect its systems. The city also said that no data was lost or stolen and that its operations were not significantly affected.


: Hackers claim MGM cyberattack as outage drags into fourth day | TechCrunch
: A phone call to helpdesk was likely all it took to hack MGM | Ars Technica
: The MGM Resorts is operational after cybersecurity issue – CNN
: MGM Resorts says data breach exposed personal information – BBC News
: MGM Stock Price | MGM Resorts International Stock Quote (U.S.: NYSE) | MarketWatch

Change Contrast
Change Font Size
Reset to Default Settings
Close the Toolbar