Published Sep 15, 2023 • Last updated 1 hour ago • 3 minute read
Join the conversation
Article content
LAS VEGAS (AP) — A persistent error message greeted Dulce Martinez on Monday as she tried to access her casino rewards account to book accommodations for an upcoming business trip.
That’s odd, she thought, then toggled over to Facebook to search for clues about the issue on a group for MGM Resorts International loyalty members. There, she learned that the largest casino owner in Las Vegas had fallen victim to a cybersecurity breach.
Advertisement 2
Story continues below
This advertisement has not loaded yet, but your article continues below.
THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY
Subscribe now to read the latest news in your city and across Canada.
Exclusive articles by Kevin Carmichael, Victoria Wells, Jake Edmiston, Gabriel Friedman and others.
Daily content from Financial Times, the world’s leading global business publication.
Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
Daily puzzles, including the New York Times Crossword.
SUBSCRIBE TO UNLOCK MORE ARTICLES
Subscribe now to read the latest news in your city and across Canada.
Exclusive articles by Kevin Carmichael, Victoria Wells, Jake Edmiston, Gabriel Friedman and others.
Daily content from Financial Times, the world’s leading global business publication.
Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
Daily puzzles, including the New York Times Crossword.
Create an account or sign in to continue with your reading experience.
Access articles from across Canada with one account.
Share your thoughts and join the conversation in the comments.
Enjoy additional articles per month.
Get email updates from your favourite authors.
Article content
Article content
Martinez, 45, immediately checked her bank statements for the credit card linked to her loyalty account. Now she was being greeted by four new transactions she did not recognize — charges that she said increased with each transaction, from $9.99 to $46. She canceled the credit card.
Unsettled by the thought of what other information the hackers may have stolen, Martinez, a publicist from Los Angeles, said she signed up for a credit report monitoring program, which will cost her $20 monthly.
“It’s been kind of an issue for me,” she said, “but I’m now monitoring my credit, and now I’m taking these extra steps.”
MGM Resorts said the incident began Sunday, affecting reservations and casino floors in Las Vegas and other states. Videos on social media showed video slot machines that had gone dark. Some customers said their hotel room cards weren’t working. Others said they were canceling their trips this weekend.
The situation entered its sixth day on Friday, with booking capabilities still down and MGM Resorts offering penalty-free room cancelations through Sept. 17. Brian Ahern, a company spokesperson, declined Friday to answer questions from The Associated Press, including what information had been compromised in the breach.
Top Stories
Get the latest headlines, breaking news and columns.
By signing up you consent to receive the above newsletter from Postmedia Network Inc.
Thanks for signing up!
A welcome email is on its way. If you don’t see it, please check your junk folder.
The next issue of Top Stories will soon be in your inbox.
We encountered an issue signing you up. Please try again
Article content
Advertisement 3
Story continues below
This advertisement has not loaded yet, but your article continues below.
Article content
By Thursday, Caesars Entertainment — the largest casino owner in the world — confirmed it, too, had been hit by a cybersecurity attack. The casino giant said its casino and hotel computer operations weren’t disrupted but couldn’t say with certainty that personal information about tens of millions of its customers was secure following the data breach.
The security attacks that triggered an FBI probe shatter a public perception that casino security requires an “Oceans 11”-level effort to defeat it.
“When people think about security, they are thinking about the really big super-computers, firewalls, a lot of security systems,” said Yoohwan Kim, a computer science professor at the University of Nevada, Las Vegas, whose expertise includes network security.
It’s true, Kim said, that casino giants like MGM Resorts and Caesars are protected by sophisticated — and expensive — security operations. But no system is perfect.
“Hackers are always fighting for that 0.0001% weakness,” Kim said. “Usually, that weakness is human-related, like phishing.”
Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET, said it appears the invasions may have been carried out as a “socially engineered attack,” meaning the hackers used tactics like a phone call, text messages or phishing emails to breach the system.
This advertisement has not loaded yet, but your article continues below.
Article content
“Security is only as good as the weakest link, and unfortunately, as in many cyberattacks, human behavior is the method used by cybercriminals to gain the access to a company’s crown jewels,” Anscombe said.
As the security break-ins left some Las Vegas casino floors deserted this week, a hacker group emerged online, claiming responsibility for the attack on Caesars Entertainment’s systems and saying it had asked the company to pay a $30 million ransom fee.
It has not officially been determined whether either of the affected companies paid a ransom to regain control of their data. But if one had done so, the experts said, then more attacks could be on the way.
“If it happened to MGM, the same thing could happen to other properties, too,” said Kim, the UNLV professor. “Definitely more attacks will come. That’s why they have to prepare.”
___
Parry reported from Atlantic City. Associated Press videographer Ty O’Neil in Las Vegas contributed.
Article content
Share this article in your social network
Comments
Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.
Comments
Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.
Join the Conversation