Skip to main content
close search
site logo

MGM Resorts discloses cyber incident in filing with SEC

Moody’s Investors Service called the cyber incident credit negative, and MGM is still taking steps to protect data and fully secure business operations.

Published Sept. 13, 2023
David Jones's headshot
Reporter
An exterior image of a the Bellagio hotel in Las Vegas
Onlookers watch the water show outside The Bellagio Hotel and Casino on May 30, 2002, in Las Vegas. Robert Mora via Getty Images

MGM Resorts officially disclosed a “cybersecurity issue” with the Securities and Exchange Commission in an 8-K filing Wednesday, after taking its systems offline earlier this week.

The hotel and casino company said it has launched an investigation with leading external cybersecurity experts and has contacted law enforcement, based on a press release it issued Tuesday night. 

The company said it has taken steps to protect its systems and data, including shutting down certain systems. 

The investigation is ongoing, and MGM is working to resolve the matter and will continue to take steps to secure its business operations. The FBI previously told Cybersecurity Dive it was aware of the incident, but would not provide any details due to the ongoing nature. 

Moody’s Investors Service called the incident “credit negative” for the company, citing the potential loss of revenue, reputational risk and direct costs for remediation and investigation. 

Moody’s also cited research from cybersecurity firm Bitsight, which gave MGM Resorts a grade of “F” for patching cadence.

MGM Resorts includes more than 30 casino and hotel properties in the U.S. and abroad, as well as an extensive sports betting and online casino business. Some of the world’s biggest gaming casinos are part of the portfolio, including Bellagio, Mandalay Bay, MGM Grand, Empire City Casino in Yonkers, New York, and others. 

Cybersecurity experts widely consider the incident the result of malicious behavior by an outside actor and a possible ransomware attack

Hotel and casino guests earlier this week were previously unable to use digital room keys to access their hotel rooms and the hotel was unable to process card payments, access ATM machines and operate slot machines according to multiple social media posts. 

The company had said its dining, gaming and entertainment venues were operational, in an update on X, the social media platform formerly known as Twitter, earlier this week. 

The incident marks the second major cyber incident in four years, after a 2019 attack resulted in a massive data dump by a threat actor who posted the personal information of about 10.6 million customers online. 

The company is facing litigation over that incident and Nevada passed new legislation at the end of 2022, which requires gaming companies to disclose updates on their cybersecurity posture. 

Officials from the Nevada Gaming Control Board, which oversees those new cyber disclosures, declined to comment on the MGM Resorts situation.

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Whalebone Ranks Third Straight Year Among Central Europe’s 50 Fastest-Growing Companies
From Whalebone
November 25, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Breaches
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.