MGM Resorts International faced a significant cyber attack that tested the resilience of its operations and leadership. CEO Bill Hornbuckle recounted that hackers infiltrated the casino giant's computer systems for several days before issuing ransom demands, which fundamentally shaped their response strategy.
"I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned — we’re not paying these bastards,'" Hornbuckle shared in an interview. However, he noted that the attack progressed so far that MGM had begun rebuilding their systems when the ransom note finally arrived. His decision to disregard the ransom demand stemmed from their ability to respond to the intrusion early on.
"I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned — we’re not paying these bastards,'"
The incident reportedly began on the night of September 7, with MGM quickly attempting to secure their systems. Unfortunately, the attackers breached the corporate Domain Name System (DNS) layer, which is crucial for managing all of a company’s applications. "They had gotten into the arteries to the heart so they could choke things off," Hornbuckle explained, underlining the severity of the breach.
"They had gotten into the arteries to the heart so they could choke things off,"
In the wake of the attack, MGM assembled a robust response team. This war room included executives, IT experts, legal advisors, and cybersecurity consultants, all working in unison to mitigate the damage. As operations became increasingly manual, MGM staff resorted to traditional methods. "Employees working with guests began operating in manual mode, writing down customers’ names and credit-card info on clipboards at check-in," Hornbuckle recounted, describing the urgent measures taken to maintain service.
"Employees working with guests began operating in manual mode, writing down customers’ names and credit-card info on clipboards at check-in,"
As the crisis unfolded, the attackers started taking down critical systems, including payroll and booking processes that handle 20,000 reservations daily. "Literally everything was out," Hornbuckle stated, illustrating the chaos that ensued.
"Literally everything was out,"
Cybersecurity analysts suspect that the hacking group Scattered Spider, comprising young operatives from the US and the UK, orchestrated the attack on MGM, similar to their actions against Caesars Entertainment Inc. Hornbuckle was initially unaware of the Caesars breach and declined to disclose the ransom amount demanded from MGM.
Financially, the breach is expected to cost MGM approximately $100 million in lost earnings for the third quarter and another $10 million in additional expenses, most of which is covered by insurance. "I can only imagine what next year’s bill will be," Hornbuckle commented during a panel discussion at the Global Gaming Expo in Las Vegas.
"I can only imagine what next year’s bill will be,"
Championship Implications
Four weeks post-attack, Hornbuckle indicated that the majority of MGM's systems are back online, except for a single server related to loyalty points. Reflecting on the experience, Hornbuckle expressed relief at the decision not to comply with the ransom demands. "They’re not hanging over us with our database in their hand or ultimately the keys to the empire," he said, emphasizing the importance of that choice amidst the chaos.
"They’re not hanging over us with our database in their hand or ultimately the keys to the empire,"
Career Journey
This cyber incident serves as a stark reminder of the evolving threats facing organizations today, particularly in sectors like hospitality where customer data is paramount. MGM's journey through this attack not only highlights the importance of robust cybersecurity measures but also the critical need for decisive leadership in times of crisis. As they continue to recover, the industry watches closely, contemplating the implications for future cybersecurity strategies.
