Anonymous hacker in front of his computer with red light wall background

MGM Resorts Hit by Massive Cyberattack

MGM Resorts International found itself at the center of a major cyber-attack this week, highlighting the ever-increasing importance of maintaining cybersecurity best practices for businesses in Denver and around the world. In this blog post, brought to you by our eCreek IT Support, Denver’s premier IT Service company, we will dive into the details of this ongoing MGM cyber breach, its impact on MGM and their customers, and what Denver businesses and Nonprofits should take away from this incident.

The Incident:

MGM Resorts International, a familiar and monumental name in the resort casino and hospitality world, revealed that it had fallen victim to a cyber-attack that has breached many of its internal systems and significantly disrupted its operations across the United States. This incident, which has lasted for three days and is still ongoing, has not only caused a significant problem for MGM itself, but has also raised serious concerns among its stakeholders, and its customers. The attackers apparently gained access to MGM’s systems using simple social engineering tactics, once again displaying the importance of ensuring that your employees receive ongoing Cyber Security Awareness Training.

The impacts of the Attack:

The cyberattack on MGM Resorts networks has had major consequences in multiple areas of their operation. In addition to the obvious damages to revenue and reputation, MGMs corporate email systems, hotel booking systems, restaurant reservation systems, and even digital room keys and some slot machines have been taken offline. More than a dozen MGM resort properties had to shut down their operations. MGM Resorts quickly notified the Securities and Exchange Commission (SEC) about this breach, signifying that they recognize it to be a material risk to the company.

Moody’s, one of the major credit rating agencies warned that the cyberattack could impact MGM’s credit rating negatively. MGM Resorts’ share price has fallen more than 6% since the incident was first acknowledged.

The FBI, SEC, What You Need to Know About Compliance:

While the FBI is closely monitoring the situation, MGM is not legally required to disclose the incident to the SEC at this point. The new SEC cyber security disclosure requirements became effective on September 5th of this year but have a 90-day compliance window for larger companies (smaller companies have a 180-day compliance window). For a company like MGM Resorts, this means that if this breach had occurred after December18th, they would be required to publicly disclose material information about their cybersecurity risk.

Customer Concerns are Your Concerns:

Many of MGM’s customers have taken to social media to voice their concerns, citing issues with not being able to get access into their hotel rooms, and wondering what impact this breach will have on the security of their personal information. More and more, the publicity around cyber security breaches is a problem for businesses and nonprofits. Your customers need to trust that you are taking every possible step to protect their data, and the reputation hit of notifying them that your organization leaked their information can often be the end of your business.

How the Attack Happened:

While the entire scope of the attack is still unclear, we do have information about how it began. These malicious actors allegedly breached MGMs systems with basic social engineering tactics. These hackers were allegedly able to bypass multi-factor authentication tools by finding an MGM employee on LinkedIn and calling MGM’s helpdesk pretending to be that employee and asking for help accessing their account. Ensuring that your staff receives ongoing training on cyber security remains one of the most important steps your organization can take to remain secure.

Lessons and Takeaways:

  1. Cybersecurity is More Important Than Even: The MGM incident highlights that no business or nonprofit, regardless of its size or industry, is immune to the risks of cyber-attacks. It’s crucial for all Denver organizations to prioritize cybersecurity protection measures, and asses those protections on an ongoing basis.
  2. The Very Real Risks to Your Organization: Businesses and non-profits must recognize the very real risks associated with cyber-attacks and breaches and follow the laws and regulations related to notifications to relevant authorities. They must also be aware that these laws are changing rapidly. Having an expert cyber security compliance partner like eCreek IT Support on your side is a crucial tool to ensure compliance.
  3. Customer Trust and Reputation: This attack’s impact on MGM’s customers’ trust and reputation is a harsh reminder of the importance of safeguarding your customer’s sensitive information.
  4. Ongoing Employee Training: Social engineering attacks like the one on MGM highlight the need for ongoing employee training and cybersecurity awareness.
  5. Regulatory Compliance: Staying informed about and complying with changing cybersecurity regulations is essential in the reality of today’s threat landscape. When was the last time your organization assessed your cybersecurity compliance stance and readiness? If the answer is more than 3 months ago, we need to talk.

What now?

This major cyberattack serves as a sobering reminder of the ever growing and evolving threat in our online world. Businesses and nonprofits, regardless of their industry or size, need to take proactive steps to protect their network, digital assets, customer data, and reputation. As the Premier IT support company in Denver, we always focus on the significance of top of the line cybersecurity measures and ongoing vigilance to prevent and mitigate cyber incidents.

You can read more about this ongoing situation here and here

For professional IT support, Cybersecurity Services, and Cybersecurity Compliance, contact eCreek IT Support today. We are committed to helping Denver businesses and non-profits stay resilient in the face of cyber threats.