MGM Resorts could be losing as much as $8.4 million a day as their computer systems remain down following a massive cyberattack, as a new hire claims their paycheck is late in the chaos.
Disruptions at hotels and casinos owned by MGM Resorts International have been going on for over a week, after the company was breached by hackers seeking a ransom payment to restore access.
The giant company may currently be losing between $4.2 million and $8.4 million in daily revenue – and around $1 million in cash flow every day, a gaming industry analyst said in a report to investors, according to the Las Vegas Review-Journal.
In a weekly report published on Sunday, equity analyst David Katz estimated that MGM could take a 10 to 20 percent blow on revenue and cash flow ‘for the days that the current conditions exist.’
While the company claimed on Friday that payroll had been met, a new hire at the T-Mobile arena, a joint venture between MGM and AEG, claimed over the weekend he was yet to receive his paycheck.
Long lines for check-in were seen at the Bellagio last week
ARIA still had some slot machines offline, with the rest operating as cash-only and hand pay
‘All of us started checking our accounts and we’ve seen that we’re all locked out,’ said Alvin Evans, who has been training to join the security team at the arena
‘All of us started checking our accounts and we’ve seen that we’re all locked out,’ said Alvin Evans, who has been training to join the security team at the arena.
‘How does this happen? My information is on those apps so I’m definitely worried about that,’ he said.
The new hire claimed he had not received his check as of Saturday.
‘I’ve been trying to call HR, I sent emails, I did everything I can and nobody has responded to me,’ Evans told the local Fox affiliate.
On Sunday, Twitter user Jacob Orth gave an update of the situation at the casino at the Bellagio, and said most slot machines were working.
On Thursday night, videos posted from MGM properties on the Las Vegas Strip, including ARIA and Bellagio, showed painfully long check-in lines, and some slot machines that remain offline.
MGM Resorts said the incident began Sunday, affecting reservations and casino floors in Las Vegas and other states. Videos on social media showed video slot machines that had gone dark. Some customers said their hotel room cards weren’t working. Others said they were canceling their trips this weekend.
In a statement late Thursday, hackers claiming responsibility for the breach said they maintained access to ‘some of MGM’s infrastructure’ and threatened ‘additional attacks’ if their ransom demands are not met.
On Sunday, Twitter user Jacob Orth gave an update of the situation at the casino at the Bellagio, and said most slot machines were working
MGM’s ongoing woes come after rival gaming giant Caesars Entertainment confirmed it had detected a breach last week — but Caesars reportedly paid a ransom of roughly $15 million, and has avoided any customer-facing disruptions.
The FBI told DailyMail.com that it is investigating the incidents at both Caesars and MGM, adding: ‘As this is an ongoing investigation, we are not able to provide any additional detail.’
Both breaches appear to have been initiated through ‘social engineering’ attacks, in which the hackers tricked human targets into handing over login credentials, such as by impersonating real employees in phone calls to support lines.
Attribution for the attacks remained ambiguous. A group called Scattered Spider has contacted journalists claiming responsibility for both breaches, while an affiliated gang known as ALPHV posted a lengthy statement contradicting those claims and saying it conducted the MGM attack.
It is possible that the two groups, which are known to have an affiliate relationship, both took part in the attacks, or are actually factions within the same loose-knit hacker collective.
Last week casino goers shared images of the out-of-order slot machines
Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET, said it appears the invasions may have been carried out as a “socially engineered attack,” meaning the hackers used tactics like a phone call, text messages or phishing emails to breach the system.
‘Security is only as good as the weakest link, and unfortunately, as in many cyberattacks, human behavior is the method used by cybercriminals to gain the access to a company’s crown jewels,’ Anscombe said.
For MGM guests, the result of that company’s breach has been a week of confusion and frustration.
‘The MGM hack is causing chaos,’ posted X user Rachel Hooks from ARIA, sharing video of long lines and slot machines on the fritz. ‘Ridiculous check in queues and casinos down.’
At the Bellagio, @JacobLasVegasLife posted video showing huge lines for hotel check-in.
MGM’s hotels have reportedly been forced to adopt antiquated measures at check-in desks, writing down guest information and credit card numbers by hand as system disruptions persist.
The outage appears to be affecting MGM properties outside of Vegas, including the Borgata in Atlantic City, New Jersey, and the Mississippi-based Biloxi.
MGM was hacked back in 2019, with a reported 142 million guests affected.
Among the people implicated in the breach were Twitter CEO, Jack Dorsey, and Justin Bieber according to prior reports.
ZDNet verified that there was no financial information in the breach and according to an MGM spokesperson, mostly consisted of, ‘contact information like names, postal addresses, and email addresses.’