In a recent turn of events regarding MGM Resorts’ Las Vegas establishments, the esteemed casino and resort operator effectively restored its customer-facing electronic systems following a targeted cyber assault that disrupted services for an extensive 10-day period.
The breach initially came to MGM’s attention on September 10, revealing a substantial breach in their data security. This breach had far-reaching implications, affecting the computer infrastructure of prominent MGM properties like Aria, Bellagio, and MGM Grand. The fallout encompassed critical domains such as corporate email services, restaurant reservations, hotel bookings, and digital key card access.
Employing exhaustive efforts and a swift, proactive approach, MGM Resorts officially declared, through X (formerly known as Twitter), that their operations had returned to their normal pace. Nonetheless, some users reported persistent issues with the mobile app, prompting MGM to assure its esteemed clientele that they were diligently addressing and rectifying these challenges to elevate user experience and bolster security measures. Further updates are eagerly anticipated as MGM Resorts steadfastly reinforces its systems and services in the aftermath of this cyber incident.
Cybersecurity Breaches Rocking the Casino Industry: Caesars vs. MGM Resorts
In a parallel scenario within the casino industry, Caesars Entertainment, a formidable competitor, recently disclosed a cyber assault to federal regulators that transpired on September 7th. The company conveyed assurances that the cyber incident did not cause any disruptions in its casino operations or online services. However, it found itself unable to provide an unequivocal guarantee regarding the safety of personal data belonging to tens of millions of customers, which included sensitive information like driver’s licenses and Social Security numbers of loyalty-rewards members.
On the flip side, MGM Resorts, a prominent figure in the casino industry, faced a similar breach in their security. While specific particulars about the scale of the breach, encompassing the nature of compromised data and the financial toll on the company, remain undisclosed.

Gregory Moody, a distinguished cybersecurity specialist and professor at the University of Nevada, shed light on potential expenses, projecting a staggering sum of up to $8 million daily due to the necessary computer shutdown. This could amount to a cumulative impact reaching as high as $80 million. However, it’s essential to bear in mind that MGM Resorts, boasting annual revenues exceeding $14 billion, typically rakes in an average of no less than $270 million in revenue each week.
Cybersecurity Expert’s Warning and Estimated Financial Impact
MGM Resorts announced that certain systems related to resort services, dining, entertainment, pools, and spas remained operational. Their website and app were functional for making dining and spa reservations. The company is actively working on restoring hotel booking and loyalty reward functions.
“At this point, all casinos should be moving to the highest defensive posture possible and taking active measures to verify the integrity of their systems and environment, and reviewing — if not activating — their incident-response processes,” emphasized Christopher Budd, a distinguished figure in threat research, currently serving as a director at Sophos X-Ops, a leading cybersecurity firm. “There’s been attacks against multiple casinos, and it’s possible we’ll see more.”
MGM Resorts has yet to provide an official assessment of the financial impact resulting from the recent security breach. However, analysts have estimated potential losses to reach up to $80 million, encompassing factors such as lost revenue, expenses for recovery and remediation, and possible future costs like regulatory fines or legal proceedings.
In response to the breach, MGM Resorts assured that they had not identified any compromise of customer data. Nonetheless, they’ve recommended their customers to change their passwords and stay vigilant, monitoring their accounts for any suspicious activities.
This incident serves as a stark reminder of the escalating threat cyberattacks pose to businesses across the board. It underscores the critical need for a strong cybersecurity strategy to deter and effectively handle such breaches.