Here’s Why MA Regulators Are Discussing The MGM Hack In Private

Written By Steve Schult on October 6, 2023
A photo of the Massachusetts Gaming Commission in 2014 for a story about how the regulators are handling discussions about the cyberattack affecting MGM Springfield.

The Massachusetts Gaming Commission held three public meetings where the cyberattack that affected MGM Springfield was on the schedule.

MGC public meetings are exactly that. Public. They are live-streamed for everyone to see in real-time, allowing citizens to see how their state’s regulators govern the industry.

On Sept. 13, Sept. 21 and Oct. 2, the MGC discussed the issue at a public hearing. However, the discussions revolving the hack were never on camera.

Instead, those discussions were held in private. Commissioners voted to meet in executive session each time the topic was brought up.

Executive sessions allow regulators to speak privately during a public meeting. As a result, Massachusetts gamblers were kept in the dark about how the attack affected them.

Security concerns allow for an executive session

There is only one MGM property in the Bay State — MGM Springfield. But it makes up one-third of the Massachusetts casino industry. And it is only one of two properties with table games. The other is Encore Boston Harbor.

Additionally, if Massachusetts online casinos are ever legalized, MGM will likely have a presence in that market, too.

In other words, many Massachusetts gamblers could have legitimate questions about the hack.

Was their information compromised? Should they be vigilant in spotting any potential identity theft? What are the possible ramifications of the hack?

Chapter 30A Section 21 of the Massachusetts General Laws outlines the 10 possible reasons for commissioners to convene an executive session. During the latest meeting, commissioners cited rule 4 to discuss the issue in private.

This law allows for executive sessions when regulators need “to discuss the deployment of security personnel or devices, or strategies.”

Therefore, commissioners were likely to discuss which steps to take to prevent this from happening again. This is not information the state would want to broadcast for obvious reasons, as it could endanger public safety.

Executive session decisions are a last resort

The MGC releases a public meeting agenda at least 48 hours before the meeting. This agenda will note if commissioners are considering an executive session.

But the commission says this isn’t a move taken lightly.

“As you know, our work is done largely in public, so any vote to go into executive session is taken seriously,” MGC communications division chief Thomas Mills told PlayMA.

Nevada also decides to keep matter private

Despite the desire to know more about the situation, Massachusetts isn’t the only state that decided to keep details about the attack under wraps.

On Wednesday, Nevada Gaming Control Board Chairman Kirk Hendrick said Nevada’s regulators would not be discussing the issue any time soon.

Hendrick said the matter is an active police investigation, which would prohibit the board from releasing any details. Shortly after the attack was made public, the FBI confirmed it would investigate the issue.

MGM Springfield said it was mostly back to normal a couple weeks after the attack.

Photo by AP Photo / Charles Krupa
Steve Schult Avatar
Written by
Steve Schult

The managing editor for PlayMA and several other Catena Media sites, Steve stays on top of all things related to the national gaming industry. He is also a veteran of the gambling world. The native New Yorker started covering high-stakes tournaments in 2009 for some of poker's most prominent media outlets before adding the broader U.S. gaming market to his beat in 2018.

View all posts by Steve Schult
Privacy Policy