A cybersecurity threat is affecting MGM Resorts casinos nationwide, causing problems for gamblers everywhere.
That includes inconveniencing customers at the company’s lone Massachusetts casino, MGM Springfield. As a result, there are several restrictions on gaming and accommodations at the venue.
MGM started dealing with problems related to the cybersecurity issue on Monday. Thus, the Massachusetts Gaming Commission announced an impromptu meeting to discuss the problems. Commissioners met Wednesday at 11:30 a.m.
As if the cybersecurity issue wasn’t bad enough, the Springfield venue is dealing with a water main problem. Consequently, the water on the property is incredibly limited, a customer service representative told PlayMA on Wednesday.
MGM Springfield closed restaurants and won’t take new hotel reservations
No checks can be written or cashed at MGM Springfield, and ATMs are not functioning, the representative told PlayMA. In fact, credit cards aren’t accepted on the property as of Wednesday. Without functioning credit card machines, MGM Springfield isn’t taking new reservations for its hotel. Additionally, the property’s restaurants and cafes are all closed.
On the bright side, the gaming side of the business is only mildly affected.
Slots and table games are open at MGM Springfield as of Wednesday afternoon. However, any win above the tax threshold cannot be paid out immediately. Customers cannot currently use bonus play or their MGM account play cards.
The MGM Springfield website indicates that refunds or cancellations for stays at the hotel can be handled via telephone.
MGC goes into executive session on security matter
The MGC quickly scheduled an emergency public meeting on the MGM Springfield issue for Wednesday at 11:30 a.m. However, after taking roll in the meeting, Chair Cathy Judd-Stein asked for a vote to go into executive session. In executive session, commissioners can speak without streaming the meeting to the public. Those sessions are intended for sensitive matters.
Thomas Mills, Communication Division Chief of the MGC, responded to a PlayMA email early this afternoon:
“The MGC scheduled an emergency public meeting for today to be updated on the cybersecurity issue taking place at MGM Resorts International properties including MGM Springfield,” Mills wrote. “The Commission voted to go into an executive session given the sensitivity surrounding a security event. I would refer you to MGM Resorts International and/or MGM Springfield for specific information related to their company. I will say that the team at MGM has been in constant contact with the Commission.”
In addition to the MGM Springfield casino, MGM Resorts also owns BetMGM, which operates the BetMGM Sportsbook Massachusetts. As of Wednesday, no disruption has occurred with the performance of that mobile application or sports betting website.
Cybersecurity breach impacts MGM properties in 6 states
Since Monday, all MGM properties in six states have been experiencing issues related to an apparent cybersecurity attack on a system in its properties. MGM properties in Massachusetts, Michigan, New Jersey, New York, Nevada and Ohio have been impacted.
MGM Resorts International, the parent company of the impacted casinos, acknowledged the issues at its properties on Monday. In some states, like Michigan and New Jersey, phone and email systems were also shut down, or are currently inactive.
We know who hacked MGM, because they also hacked Caesars
The cybersecurity troubles impacting MGM Springfield are the result of a ransomware attack similar to one that led Caesars to pay millions to hackers weeks ago. This is according to reports that came to light late Wednesday, just days after MGM properties in Massachusetts and other states were impacted by a systems breach.
According to Bloomberg and Reuters, Caesars paid a group called Scattered Spider a ransom several weeks ago as a result of an attack on their computer systems.
In reporting by several news agencies that became widespread on Thursday, it is now known that Caesars Entertainment, Inc. decided to pay out tens of millions of dollars to an infamous hacker group after they placed ransomware on its systems in several properties nationwide.
Caesars does not operate a casino in Massachusetts, but Caesars Sportsbook Massachusetts is live. However, the ransomware attack has not apparently impacted the online sports betting operations.
Scattered Spider, also called UNC3944, has performed ransomware attacks on several organizations in the past, with some success, according to the FBI.
Ransomware is a form of malware that seeks to bottleneck or take over a computer system. Once hackers achieve that goal, they demand a payment to release the data and return system control to the network operator.