Sign Up For Card Player's Newsletter And Free Bi-Monthly Online Magazine

MGM Resorts CEO Details Cyber Attack Issues

Hornbuckle Pleased No Ransom Was Paid to Attackers

Print-icon
 

MGM Resorts has now recovered from the September cyber attacks that left much of the company’s casino computer systems crippled for weeks. CEO Bill Hornbuckle addressed the company’s response to the challenges created by the security breach recently during remarks at the Global Gaming Expo in Las Vegas.

Overall, Hornbuckle was pleased at how the company responded to numerous challenges that included a shutdown of company websites, online hotel registration, company email, numerous slot machines, and many of the company’s computer systems. The issue affected MGM casinos in several states across the country, most notably in Las Vegas where they operate the MGM Grand, Bellagio, Aria, The Cosmopolitan, and Mandalay Bay, among others.

“We found ourselves in an environment where for the next four or five days, with 36,000 hotel rooms and some regional properties, we were completely in the dark,” he said. “Literally, the telephones, the casino system, the hotel system – and I could go on and on and on – were not functioning. And so… you put the company to the test.”

Lessons Learned

During many of these types of cyber attacks, hackers often gain control of a company’s systems until a ransom is paid. The cybercrime group demanded $30 million from MGM. Caesars experienced a similar attack in the days before the MGM breach, but paid a $15 million ransom to regain control of many of its systems.

Hornbuckle says that the company’s technical call center had been socially engineered by the hackers, meaning an attacker actually called the center to coax information out from employees to could gain access to the systems. The company has learned lessons from the experience, he said, and is pleased they didn’t succumb to the demand.

“We are proud of what we did. We didn’t pay the ransom,” he said. “The way that you structure your environment. If they get into one, they don’t get into all, it’s critical architecture. That is probably the second largest takeaway.

“In our example, one of the things we were able to protect was banking information, credit card information – nothing got out. And so, even despite the scale of the hack we had, that kind of information didn’t get out.”

Hornbuckle said the entire ordeal would cost the company about $100 million, but much of that will be covered by insurance. The company continues working to solidify its systems to ensure a similar attack is less likely to occur to in the future.

*Photo credit MGM Resorts