MGM Resorts shuts down IT systems amid ‘cybersecurity issue’

12 Sep 2023

Image: © JHVEPhoto/

There are reports that casino machines and digital hotel room keys are not working, while MGM Resorts said it took ‘prompt action’ to protect its data.

It appears MGM Resorts has been hit with a cyberattack, as the hotel chain giant has shut down some of its computer systems.

The company said it identified a “cybersecurity issue” affecting some of its systems, after which time it began an investigation with “leading external cybersecurity experts”.

MGM Resorts said it took “prompt action” to protect its data, which included shutting down certain systems. The impact appears to be widespread, as social media users claim the outage has impacted slot machines and ATMs at the company’s Las Vegas casinos.

Some people claim they are unable to use their digital room keys at MGM hotels. A source told TechCrunch that all of MGM’s properties appear to be affected by the incident.

“Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter,” MGM Resorts said on X.

The MGM Resorts website – which is currently offline – states the company has 31 unique hotel and gaming destinations globally. Ryan McConechy, CTO of cybersecurity company Barrier Networks, said MGM’s decision to take its systems offline is a “costly move”.

“For every minute the gaming floor was down, MGM was losing money,” McConechy said. “Likewise, with reservations and their websites still being down, the company continues to suffer massive financial losses.

“Understandably, this may be to prevent active attackers pivoting or malware spreading, but when organisations segment their networks effectively, this scale of downtime can usually be avoided.”

While the specific details of the cybersecurity incident are currently unclear, this is not the first time MGM Resorts has had this type of issue. In 2020, a hacker gained unauthorised access to an cloud server that contained information for certain previous MGM Resorts guests.

Reports at the time claimed the personal data of 10.6m former guests was exposed and posted on an online hacking forum, including contact details of celebrities, CEOs, reporters and government officials.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic