The MGM Grand Cyber Attack: A Closer Look
In September 2023, one of the largest casino chains, MGM Resorts International experienced a cybersecurity attack that shut down operations in multiple casinos in Las Vegas and also throughout the United States. None of the Casino’s guest were able to get into their rooms or use electronic casino games. After some time, MGM Grand was able to continue operations, but had do go without their technology and were forced to conduct business manually.
According to a report from the malware archive vx-underground, the cyber attack that resulted in the shutdown of MGM Grand casinos on Monday has been attributed to the ransomware group ALPHV, also known as BlackCat. The archive suggests that ALPHV managed to gain unauthorized access to the company’s systems through social engineering techniques, effectively disrupting the operations of MGM Resorts International properties across the United States within a mere 10-minute timeframe.
This attack could end up being a problem for anyone who has every made a transaction with MGM Grand, because the Cyber Criminals are after personal information including payment information. Unlike most cyber attacks to hotels, this attack was able to disrupt MGM Grands operations. Currently, the FBI is investigating the attacks while the MGM Grand is looking for a solutions to this Cyber Attack.
In February 2020, one of the largest hotel chains in the world, MGM Resorts International, found itself at the center of a significant cyber attack. The incident exposed personal information of nearly 10.6 million guests who had stayed at MGM properties. The compromised data included names, phone numbers, and addresses. Fortunately, no financial or payment data was compromised in this breach.
The attack involved unauthorized access to a cloud server containing guests’ information, and it was reported that the attacker had gained access to this data as early as 2017. This incident shed light on the importance of cybersecurity within the hotel industry and the need for stronger measures to protect guest data.
Why Are Cyberattacks on Hotels Becoming More Common?
Valuable Data: Hotels collect and store a vast amount of personal and financial data about their guests. This information is a goldmine for cybercriminals, making hotels prime targets for data breaches. With a single successful attack, hackers can gain access to a treasure trove of sensitive information.
Legacy Systems: Many hotels still rely on legacy systems for their operations, which may lack the robust security features of modern technology. These outdated systems are often more susceptible to cyberattacks, making them attractive targets.
Hospitality Industry’s Digital Transformation: The hospitality industry has undergone significant digital transformation in recent years. While this has improved guest experiences, it has also created new entry points for cybercriminals. Online booking systems, mobile apps, and smart room technology have all introduced potential vulnerabilities.
Insider Threats: Hotels employ a diverse workforce with access to sensitive guest data. Insider threats, whether intentional or accidental, can lead to data breaches. Proper employee training and access control are crucial to mitigating this risk.
Lack of Cybersecurity Awareness: Some hotels, especially smaller establishments, may not prioritize cybersecurity as much as larger corporations. This oversight can leave them ill-prepared to defend against cyberattacks.
The Impact of Hotel Cyberattacks
Reputation Damage: A cyberattack on a hotel can tarnish its reputation. Guests expect their personal data to be handled securely, and a breach can erode trust in the brand.
Legal Consequences: Hotel chains that fail to protect guest data can face legal repercussions, including fines and lawsuits.
Financial Loss: Recovering from a cyberattack can be costly. Hotels may have to invest in cybersecurity measures, compensate affected guests, and deal with the financial fallout from lost bookings and reputational damage.
Industry-Wide Ramifications: A high-profile cyberattack on a hotel can have broader implications for the entire hospitality industry. It serves as a warning to other hotels to bolster their cybersecurity measures.
Protecting Against Hotel Cyberattacks
Invest in Cybersecurity: Hotels must allocate resources to cybersecurity, including the adoption of modern security technologies and regular security audits.
Employee Training: Staff should be educated on cybersecurity best practices and the importance of safeguarding guest data.
Data Encryption: Sensitive data should be encrypted to prevent unauthorized access.
Regular Updates: Keep software and systems up to date to patch vulnerabilities.
Incident Response Plan: Develop a robust incident response plan to minimize damage in the event of a cyberattack.
The MGM Grand cyber attack illustrates the increasing threat of cyberattacks on hotels, a trend that shows no signs of slowing down. As the hospitality industry continues to embrace digital transformation, it must also prioritize cybersecurity to protect both guest data and its own reputation. Vigilance, investment in technology, and a commitment to training staff are essential steps toward defending against this growing threat. Hotels must understand that in the digital age, safeguarding guest information is as important as providing exceptional service.