Detroit (Fox 2) – You can still gamble at the MGM Grand in Detroit on Monday night — even though MGM casinos across the country are experiencing breaches in their cybersecurity systems.
The incident began on Sunday – with guests unable to make reservations or enter their rooms at some locations, according to company officials. Affected casino sites include Michigan, Las Vegas, Massachusetts, New York and New Jersey.
In Detroit it’s business as usual, but you can’t check your comps.
David Derigiotis is Embroker’s Chief Insurance Officer and a cybersecurity expert.
“Hotels, and casinos are prime targets for cybercriminals – they’re very data-rich,” he said. “These are complex IT environments, and you see digital operations involved, especially for a casino and surveillance, online gaming, as well as the hospitality sector.”
MGM Resorts International is not releasing many details about the security breach.
The company issued a statement on social media saying:
“MGM Resorts recently identified a cyber security issue affecting some of the company’s systems. Immediately after identifying the issue, we initiated a rapid investigation with the assistance of leading external cyber security experts.
“We have also notified law enforcement and have taken immediate measures to secure our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”
“You look at this particular disruption, it’s affecting their online services, it’s affecting in some cases, people being able to check in using their electronic room keys, taking reservations online,” he said.
The MGM Grand website is currently down. A notice instructing customers to call a toll-free number for immediate assistance
“Every moment that they’re down is potential lost revenue for operations, that’s frustrated customers — that’s probably dealing with identity theft for all of your customers,” Derigiotis said.
He says there are many reasons why the company doesn’t know precisely the extent of the breach.
“The internal team really has to get their arms around the situation — they have to figure out how long has this attacker been on our system? What information did they access, what information was extracted,” he said. “They need to do a full analysis to figure out the real opportunities and pitfalls of the situation.”