MGM Resorts, Caesars Entertainment deal with issues after cybersecurity attacks

Cybersecurity expert Scott Spiro weighed in on how hackers accessed MGM's system.

Caroline Goggin Image
Friday, September 15, 2023
MGM Resorts, Caesars Entertainment deal with issues after cybersecurity attacks
MGM Resorts, Caesars Entertainment deal with issues after cybersecurity attacks

ATLANTIC CITY, New Jersey (WPVI) -- MGM Resorts International is still investigating a cybersecurity issue that has affected systems within the company.

Hackers struck MGM Resorts on Sunday morning, rendering doors to the chain's casinos and hotels unusable. Slot machines and ATM machines were also inoperable, elevators were out of order, and customers had to wait hours to check into rooms.

While the company's website remains down, it said it, "took prompt action to protect our system and data, including shutting down certain systems."

READ | Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down

The FBI said it is investigating the attack and has been in contact with the chain since Sunday.

MGM Resorts has not released details on how the attack occurred or who might be responsible.

A representative for the Borgata in Atlantic City, which is owned by MGM, told Action News the hotel, restaurants, and casino floor are operational, the credit card readers are functioning, and Saturday's concert at the Borgata will go on as planned.

A statement from the casino read, "We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly. We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."

Cybersecurity expert Scott Spiro weighed in on how hackers accessed MGM's system.

"They figured out who worked at MGM and decided to call into the IT help desk and pretend that they were one of the existing employees," he explained.

Spiro also said, "There's a good chance that they're going to get paid because they need to get those operations back up and running as soon as possible. They're losing tremendous amounts of money."

Action News spoke on Friday with Beth Sparozic from Wyckoff, New Jersey, who is staying at the Borgata.

"I was very nervous because I was reading online how there were so many problems," she said.

Sparozic said check-in at the Borgata on Thursday was a breeze. She also said she has been able to use her credit card in the hotel and casino.

The biggest problem Sparozic said she has encountered is cashing out after playing on the casino floor.

"So usually when you put your money in the machine and you cash out, you would get a voucher," she said. "You don't get a voucher, you have to have a hand pay. So by the time you're waiting for someone to come, it's a good 45, 55 minutes to an hour just to pay you to cash out of a machine."

SEE ALSO | Cyberattackers hit Caesars Entertainment, as MGM Resorts still reeling

Meantime, a major resort operation, Caesars Entertainment, acknowledged it was also the target of a cyberattack.

The company has three casinos in Atlantic City: Caesars, the Tropicana, and Harrah's.

The company acknowledged the attack occurred on Sept. 7 in a filing with the U.S. Securities Exchange Commission.

"Caesars Entertainment Inc. recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company," Caesars said in its SEC Form 8-K filing.

Caesars Entertainment, according to the filing, said its investigation determined that hackers acquired a copy of its loyalty program database, which includes driver's license numbers and Social Security numbers "for a significant number of members in the database."

Caesars added, "We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result."

Copyright © 2024 WPVI-TV. All Rights Reserved.