MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations.
“MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems,” the company announced on its profile page on X (formerly known as Twitter).
The company says that it started an investigation immediately after detecting the issue “and took prompt action to protect our systems and data, including shutting down certain systems.”
It appears that the outage started on Sunday night and computer systems in the resorts are currently down.
Reports online note that the company switched to manual operations as the outage credit card machines on properties have been affected.
The MGM Resorts main website is also down, currently informing that customers can make hotel reservations “at any of our destinations” over the phone.
MGM Rewards customers are also affected and they’ve been instructed to call a Member Services number between 6 AM and 11 PM, Pacific time.
All MGM websites using the same domain name as the main one – i.e. mgmresorts.com – have been offline for hours.
BleepingComputer checked several of them and they all showed the same message, instructing visitors to call a phone number, including MGM National Harbor, Empire City Casino, MGM Springfield, MGM Grand Detroit, Beau Rivage, and The Borgata.
According to FOX5, some guests reported that their room keys were not working.
BleepingComputer has also confirmed that the MGM Rewards app is no longer working, advising members to see the front desk for assistance. However, other MGM apps, such as MGM+ and the MGM sportsbook are not impacted by the cyberattack.
The nature of the cybersecurity incident has not been disclosed publicly and the attacker’s purpose remains unknown.
This is the second time MGM Resorts has confirmed a cybersecurity incident since 2019 when one of the company’s cloud services was breached and hackers stole more than 10 million customer records.
The company confirmed the breach in 2020, after an archive with stolen data – including guests’ names, dates of birth, email addresses, phone numbers, and physical addresses, was shared freely on a hacker forum.
This is a developing story