Reports of a massive MGM cyber attack spread quickly across social media platforms yesterday, as the company faced major outages at its resorts. The outages were not restricted to Las Vegas and took down slot machines, ATM's, electronic room key access, guest services, the ability to process credit cards, and the company website.
The company seemed reluctant to label this an “attack”, and instead are calling it an “issue”. And it's a large issue at that. The MGM cyber attack that wasn't resulted in the company feeling that their best course of action was to completely shut down their systems… which is normal in an “attack”. But this isn't an “attack”, right? Just an “issue”.
The company issued the following statement: “MGM Resorts recently identified a cybersecurity issue affecting certain of the Company's systems. Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts.”
Well kudos for getting on top of things, but the public wants to know if this was truly just an “issue” of an MGM cyber attack took place. And if so, how much (if any) customer data was compromised. I mean, if it's our information, shouldn't they tell us? On a side not, we hear LifeLock is affordable.
The MGM Resorts spokesperson added: “We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems.” Wait, what? If this was not a cyber attack then why get law enforcement involved? Sounds like MGM is walking a tight rope here.
Look, these things happen. It's 2023, and the public understands that there are assholes in the world, and that they will occasionally do these things through no fault of MGM or any other company they victimize. But don't sugarcoat the truth here… just tell us what's up so the public can protect themselves!
“Our investigation is ongoing, and we are working diligently to resolve the matter” stated the company, adding that they will “…continue to implement measures to secure its business operations and take additional steps as appropriate.” That's a lot of action for something that was not an MGM cyber attack.