MGM Resorts Announces Major Security Breach As Slot Machines Appear To Be Hacked

MGM Resorts International logo on a cellphone

Getty Image / Pavlo Gonchar / SOPA Images / LightRocket

Major news is trickling out of Las Vegas after rumors of slot machines being hacked began to surface. On Monday, MGM Resorts International announced a major security breach that led to certain systems being taken offline, all but confirming the hacking of the slots.

One users on X/Twitter shared an image from the Aria saying that ‘everything (was) down still.’ Adding that they were unable to withdraw money from the Aria cashier, ATMs weren’t working, and they claimed that all of the slot machines appeared to be going down.

Shortly before that message was sent, MGM Resorts International shared a message announcing a major cybersecurity issue. The message reads:

“MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems.”

The message continued to say “Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”

This isn’t just specific to Las Vegas, either. The Borgata in Atlantic City is reportedly experiencing the same outages as MGM Resorts properties in Las Vegas. Likewise, the Sun Herald reports the same outages are occurring in Biloxi. MGM Resorts websites were taken down overnight and this has been unfolding since at least midnight on the East Coast.

A large scale ‘hacking’ would spell very bad news for MGM Resorts International whose systems were breached in 2019 and later resulted in a hacker attempting to sell sensitive information on 142 million MGM hotel guests.

MGM Resorts International later issued an update that their ‘dining, entertainment, and gaming’ are currently operational. Also advising guests to speak with Front Desk staff regarding any questions about the temporary changes:

Referring to the incident specifically as a ‘cybersecurity incident’ is significant. While that could mean any number of things. While MGM Resorts International has not used the word ‘ransomware’ yet, Casino and CyberNews both mentioned ‘ransom’ in their headlines about the large scale security breach.

That is entirely speculation at this point, until MGM speaks on the incident. But more will be revealed in the future as SEC Chair Gary Gensler’s statement in July pertains to incidents like this. At the time, he said “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way.”

Based on the SEC Chair’s statement, it does seem as if MGM Resorts International will disclosed details in the future as they pertain to shareholders.

welcome to Las Vegas sign

iStockphoto / trekandshoot