In September 2023, MGM Resorts International and Caesars Entertainment, two prominent casino chains, fell victim to cyberattacks that disrupted their operations and compromised customer data.
The MGM Breach
The MGM breach was carried out by a hacking group known as Scattered Spider, which reportedly used ransomware made by ALPHV, or BlackCat. The attack began with a phone call and led to the shutdown of many of MGM’s systems, affecting everything from hotel room digital keys to slot machine. Guests experienced hours-long lines to check in and receive physical room keys, and the company had to resort to manual mode to stay operational.
The Caesars Breach
Caesars Entertainment experienced a cyberattack that resulted in the theft of a large amount of customer data, including driver’s license numbers and Social Security numbers for a significant number of loyalty program members. The company discovered the breach on September 7th and reported it to law enforcement. Caesars paid roughly $15 million, half of the initial $30 million ransom demanded by the hackers, to prevent the disclosure of stolen data.
Steps Taken to Remedy the Breaches
Both MGM and Caesars reported the incidents to law enforcement and began investigating the breaches. Caesars took steps to ensure that the stolen data was deleted by the unauthorized actor, although they could not guarantee this result. The company also worked to implement corrective measures with the specific outsourced IT support vendor involved to protect against future attacks.
MGM has not provided specific details on the steps taken to address the breach, beyond stating that it was dealing with a “cybersecurity issue”. However, it is worth noting that after a previous data breach in 2020, MGM strengthened and enhanced the security of its network to prevent similar incidents from happening again.
Ransom Payments
Caesars Entertainment confirmed that it paid a ransom of approximately $15 million to prevent the leak of stolen data online. The Wall Street Journal reported that the hotel and casino entertainment company paid half of the attackers’ initial $30 million demand. On the other hand, there is no information available on whether MGM paid a ransom or not.
Current Status of the Breaches
As of September 19, 2023, the MGM breach is still affecting various operations at the hotels and gaming venues it owns, from Las Vegas to Macau. Caesars Entertainment, on the other hand, reported that its core customer-facing operations, both online platforms and physical locations, remained untouched and continued without disruption.
