Recent Hacks Prove Need to Educate More Cybersecurity Professionals

(TNS) — The recent hack at MGM Resorts International last week points to a need for more cybersecurity professionals, an expert says, and the importance of training professionals in Massachusetts.

Steven Zuromski, chief information officer and vice president of information technology at Bridgewater State University, said Monday that the breach should serve as a reminder to consumers to monitor their finances for unexplained charges or new accounts.

Zuromski said a hacker group known as Blackcat or AlphaV has taken responsibility for the attack on MGM, using common methods of phishing and social engineering. The hackers gleaned information from an MGM employee’s LinkedIn account and used that knowledge to impersonate the individual and convince MGM employees to take steps that left the computer systems vulnerable.

“And wreak serious havoc over there for more than a week,” Zuromski said. “It appears to be pretty widespread.”

Widespread enough that Zuromski worries that consumer and account data might have been stolen. “If these actors were able to get this far,” he said. “MGM needs to be thinking very carefully about what data might have been exfiltrated.”

Last week, Caesars Entertainment told stock regulators that hackers stole Social Security numbers and driver’s license numbers of its loyalty program in a recent data breach.

On Monday, MGM executives briefed the Massachusetts Gaming Commission on cybersecurity issues at their Springfield casino, eight days after hackers damaged MGM’s computer systems companywide.

The discussion was kept to a closed-door executive session, just as commissioners did last week when they got an initial rundown on the hack.


Meantime, the Massachusetts Gaming Commission will host a roundtable Tuesday with the state’s sports betting operators to discuss implementation of new personal data rules the commission approved last month, according to spokesman Thomas Mills.

Those rules govern how the state’s in-person and mobile sports betting operators — a list that includes MGM — can collect and store personal data. The rules forbid them from…