MGM Resorts Cyberattack: State and Federal Regulators Launch Probe $100 Million Data Breach

Cybercrime groups AlphV and Scattered Spider claimed responsibility.

US state and federal officials are scrutinizing MGM Resorts International after a September hack that wiped almost $100 million from its third-quarter profits.

Friday's regulatory document suggested the casino operator's willingness to help with inquirie, according to a Reuters report. The FBI began investigating the intrusion, which forced MGM to shut down its systems after Las Vegas hotels saw long lines and slot machine error messages.

The hacker group AlphV claimed the assault, raising consumer data security worries. AlphV, reportedly collaborating with another group named Scattered Spider, orchestrated the breach to steal data for extortion.

Sources disclosed to Reuters in September about the cybercrime collaboration, revealing that Scattered Spider was also responsible for a cybersecurity incident at Caesars Entertainment.

(Photo : Ethan Miller/Getty Images) An exterior view shows the marquee and a sign at an entrance at MGM Grand Hotel & Casino on the Las Vegas Strip.

Sensitive Data Stolen

The cyberattack on MGM Resorts, reported by TechTimes, disrupted various aspects of its operations, causing significant issues at multiple properties. MGM Resorts stated in a regulatory filing that customer personal data from transactions before March 2019 was taken. For a some clients, this includes names, contact information, genders, birthdates, license numbers, Social Security numbers, and passport information.

The extent of the data leak remains uncertain, considering MGM Resorts' massive annual visitor count. Company spokesmen Andrew Chapman and Brian Ahern declined to provide further details. Notably, the breach did not compromise bank accounts or credit card information but exposed sensitive personal details of customers.

The Cosmopolitan of Las Vegas was unscathed by the hack that disabled guest-facing systems. MGM Resorts did not pay the cyber attackers a ransom, unlike previous high-profile attacks. MGM's rival Caesars Entertainment is said to have paid almost half of a $30 million ransom to avert data theft in a hack.

Biden Administration Intensifying Cybersecurity in Ports

In a related cybersecurity development, US President Joe Biden issued an executive order this week to strengthen port cybersecurity to address growing worries about critical infrastructure cyberattacks.

The US government is imposing countrywide cybersecurity requirements on port operators, akin to physical risk safety standards. A White House executive order will boost port security, marine cybersecurity, supply chains, and the US industrial base, per an earlier report.

Chinese freight cranes may be used as espionage instruments, prompting government authorities to call for rigorous cybersecurity rules. These efforts demonstrate the administration's commitment to investing in America, securing supply chains, and safeguarding key infrastructure from new threats.

Given the importance of marine commerce to the US economy, port security is vital. The Marine Transportation System (MTS) provides billions of dollars in economic activity and millions of jobs. However, digital technologies essential to port operations have created new vulnerabilities that threaten marine transportation and supply networks.

President Biden's executive order gives DHS the authority to handle marine cyber risks by setting cybersecurity requirements for ports' networks and systems. In the MTS, the US Coast Guard is authorized to react to unauthorized cyber activity and mandates vessel and waterfront facility cybersecurity.

Cyber incidents threatening vessels, harbors, ports, or waterfront infrastructure must be reported. The Coast Guard may regulate cyber-threat ships and inspect them to reduce cybersecurity hazards.

President Biden's executive order strengthens ports' cyber resilience in an increasingly digital world to defend key infrastructure and supply lines.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics