Questions linger after ‘cyber issue’ shuts down MGM computer systems

MGM Grand

Jae C. Hong / AP

The Las Vegas Monorail passes by MGM Grand, April, 27, 2006, in Las Vegas.

The targets of cybersecurity attacks are typically high-profile companies that face challenges getting back online, said Yoohwan Kim, a UNLV computer scientist who studies data privacy on blockchain and network security.

Think hospitals, utility companies, even casino giants like MGM Resorts International.

MGM, with 28 properties worldwide, including many up and down the Las Vegas Strip, starting late Sunday experienced what resort officials labeled a “cyber issue.”

The nature of the issue was not detailed, but a statement from MGM said efforts to protect data included “shutting down certain systems.” The FBI is taking part in the investigation.

The shutdown prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.

It was not known how many people were affected by the disruptions.

“One thing is clear: When this happens, there’s a lot of chaos in the company figuring out what it will take to fix it,” said Kim, who spearheaded the effort to develop a cybersecurity major at UNLV.

Kim said answers to many questions — Who did this? What information was compromised? Why MGM? — wouldn’t be immediately known. An attack of this nature takes time to execute and could have been years in the making, he said.

The motivation was more than likely money — pay a ransom to get back up and running, he said. MGM could have been asked to pay “several million dollars,” Kim speculated.

“It comes down to a cost analysis” when deciding whether to pay, he said. “If there’s urgency and people will die (such as could be the case with a hospital), that’s motivation to pay the ransom to resolve as fast as possible.”

This is not the first time MGM has been the target of a cyber issue.

Details about millions of people who stayed at MGM properties were published in 2020 on a hacking forum, including some driver’s license and passport…