MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.
“MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems,” the company announced on its profile page on X (formerly known as Twitter).
The company says it started an investigation immediately after detecting the issue “and took prompt action to protect our systems and data, including shutting down certain systems.”
It appears that the outage started on Sunday night and computer systems in the resorts are currently down.
Reports online note that the company switched to manual operations, with the ATMs and credit card machines on properties having been affected.
The MGM Resorts main website is also down, currently informing that customers can make hotel reservations “at any of our destinations” over the phone.
MGM Rewards customers are also affected, and they’ve been instructed to call a Member Services number between 6 AM and 11 PM, Pacific time.
All MGM websites using the same domain name as the main one – i.e. mgmresorts.com – have been offline for hours.
BleepingComputer checked several of them, and they all showed the same message, instructing visitors to call a phone number, including MGM National Harbor, Empire City Casino, MGM Springfield, MGM Grand Detroit, Beau Rivage, and The Borgata.
If you have any information on this attack or other attacks, you can contact us confidentially via Signal at 646-961-3731.
According to FOX5, some guests reported that their room keys were not working.
Local Las Vegas media outlet Vital Vegas also reports that the slot machines are not functional, instead displaying a temporarily unavailable message.
BleepingComputer has confirmed that the MGM Rewards app is no longer working, advising members to see the front desk for assistance. However, the cyberattack does not impact other MGM apps, such as MGM+ and the MGM sportsbook..
The nature of the cybersecurity incident has not been disclosed publicly, and the attacker’s purpose remains unknown.
This is the second time MGM Resorts had confirmed a cybersecurity incident since 2019 when one of the company’s cloud services was breached, and hackers stole more than 10 million customer records.
The company confirmed the breach in 2020 after an archive with stolen data – including guests’ names, dates of birth, email addresses, phone numbers, and physical addresses, was shared freely on a hacker forum.
This is a developing story
Update 9/11/23: Added further information about disrupted services.