9.14.23

MGM Breach

MGM Resorts International, well known for its hotels and casinos, was hit with a cyberattack on Sunday. Since the cyberattack, all systems have been shut down, including its websites, ATMs, slot machines and even elevators. Everyone staying at its properties (which include New York New York, Aria, The Bellagio, Mandalay Bay, The Mirage, The Cosmopolitan, and many more) is unable to access their rooms because their key cards don't work. The attack has also affected the reservation system in Las Vegas, Maryland, Massachusetts, New York, New Jersey, and Ohio. Security guards are warning guests not to gamble because they will not be able to cash them out.

Millions of MGM customers' information has been breached due to the cyberattack. Since cybercriminals love to use a popular topic as the subject of phishing emails, we can expect to see a surge of MGM-spoofed emails and fake websites. Be cautious if you receive an email claiming to be from MGM. Now that customers' information has been breached, cybercriminals can write convincing emails that include your information to persuade you that it's really MGM. Scams we might see in the next few weeks could include offers of free stays to make up for the inconvenience, and reimbursement scams. Both try to get people to enter their payment information.

Last month, MGM properties hosted DEF CON (an underground hackers' conference), which was held at Mandalay Bay. This year, attendees took part in a contest that tested AI chatbots for vulnerabilities. One user was able to get an AI chatbot to reveal a credit card number that it was supposed to keep secret.

Tips:

  • Check for red flags. Look at the sender's email address, the time the email was sent, the grammar, etc.
  • If an email sounds too good to be true or claims to give you a free stay to make up for this breach, proceed with caution. Cybercriminals are going to try to persuade you and get you to act impulsively.
  • Think before you click or give out any information! Hover over links to see where they are really going, and never give your information through an email or through a link in an email.
