Cyberattackers hit Caesars Entertainment, as MGM Resorts still reeling

ByBill Hutchinson ABCNews logo
Friday, September 15, 2023

Five days after a cyberattack crippled operations of MGM Resorts International, including its signature Las Vegas properties the Bellagio and the MGM Grand, the company said Thursday morning it is still working to resolve issues as another major resort operation, Caesars Entertainment, acknowledged it was also the target of a cyberattack.

Hackers struck MGM Resorts on Sunday morning, rendering doors to the chain's casinos and hotels unusable. Slot machines and ATM machines were also inoperable, elevators were out of order and customers had to wait hours to check into rooms. Even the company's website remains down.

"We continue to work diligently to resolve our cybersecurity issues while addressing individual guest needs promptly," MGM Resorts said a statement Thursday. "We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."

But for MGM Resorts Las Vegas visitors like Walter Haywood, patience is running out.

"It was kind of chaotic," Haywood told ABC Las Vegas affiliate station KTNV. "The machines wouldn't take our ticket. Lines everywhere. Just chaos."

MGM Resorts has acknowledged the attack but has released no details on how it occurred or who might be responsible.

The company said it "took prompt action to protect our system and data, including shutting down certain systems."

The FBI said it is investigating the attack and has been in contact with the chain since Sunday.

The Cybersecurity and Infrastructure Security Agency, which is part of the U.S. Department of Homeland Security, announced on Thursday that it is in contact with MGM Resorts "to understand the impacts of their recent cyber incident."

"We are also offering any necessary assistance should the organization need or request it," the CISA said in a statement.

Nevada Gov. Joe Lombardo and the Nevada Gaming Board released a joint statement, saying they are "monitoring the cybersecurity incident with MGM Resorts and are in communication with company executives."

"Additionally, the Nevada Gaming Control Board remains in communication with other law enforcement agencies," the statement from Lombardo and the gaming board said.

VX-Underground -- a research group boasting the largest collection of malware source code, samples and papers on the internet -- posted to X that the ransomware group "ALPHV," also known as Black Cat, is allegedly is behind the MGM cyberattack. Authorities have not confirmed the report.

"All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation," VX-Underground said.

Bloomberg News reported Wednesday that the same ransomware group is responsible for a cyberattack this month on Caesars Entertainment Inc. and that the company paid "millions" to get its data back.

Caesars Entertainment -- which runs more than 50 resorts including, Caesars Palace and Harrah's in Las Vegas -- acknowledged the attack occurred on Sept. 7 in a filing Thursday with the U.S. Securities Exchange Commission.

"Caesars Entertainment Inc. recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company," Caesars said in its SEC Form 8-K filing.

While the company said it did not pay a ransom, it noted that "we have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined."

Caesars Entertainment, according to the filing, said its investigation determined that hackers acquired a copy of its loyalty program database, which includes driver's license numbers and Social Security numbers "for a significant number of members in the database."

Caesars added, "We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result."

ABC News' Luke Barr contributed to this report.

Related Topics