MGM Resorts has shut down some of its systems due to a “cybersecurity issue,” according to a company. social media post Monday.
On Tuesday evening, the company released an update, saying dining, entertainment and gaming at its resorts “are currently operational.” The statement also thanked guests for their patience, saying “our guests remain able to access their hotel rooms.”
However, the release did not specify the status of its systems, whether these transactions were processed manually, or whether some properties still only accept cash.
As of Tuesday morning, MGM Resorts’ website was still offline, with an apology message and a list of phone numbers for guests to reach their hotel concierge.
Justin Heath, a guest at the MGM Grand in Las Vegas, told CNN on Monday that visitors cannot charge their purchases to their rooms, digital hotel room keys do not work and restaurants only accept cash.
In MGM’s initial statement Sunday, the company explained that after detecting the cybersecurity issue, “we quickly launched an investigation with the assistance of leading external cybersecurity experts,” the company said on X, formerly known as Twitter.
MGM Resorts (MGM) claims to work with law enforcement and “took rapid action to protect our systems and data, including shutting down certain systems.”
An FBI spokesperson told CNN he was aware of the incident but declined to comment further on the matter.
CNN has contacted MGM Resorts for more information. MGM Resorts International manages several properties in the United States, including Aria, Bellagio, Cosmopolitan, Excalibur, Luxor, Mandalay Bay, MGM Grand Las Vegas and New York-New York in Las Vegas. Other domestic properties are located in Massachusetts, Michigan, Mississippi, Maryland, Ohio, New Jersey and New York. The company also owns resorts in China.
It is unclear whether the cybersecurity incident was carried out by malicious actors seeking to exfiltrate sensitive information or cause damage and disruption to MGM systems. For investigators, the nature of the attack is often key to determining whether it comes from criminals seeking to steal information for profit or from state actors collecting information for intelligence purposes.
Casinos are prime targets for both traditional cybercriminal businesses and foreign governments.
In 2017, the researchers announced a North American casino was the target of data exfiltration by cybercriminals who compromised an aquarium connected to the company’s Internet connection.
In 2014, the Sands Las Vegas Corporation was a victim to a damaging cyberattack by the Iranian government, according to the US director of national intelligence.
CNN’s Danielle Sills contributed to this report