As Dulce Martinez attempted to access her casino rewards account to make reservations for an upcoming business trip, she was met with a recurring error message on Monday.
That’s odd, he thought, then took to Facebook to search for clues about the problem in the MGM Resorts International loyalty group. There, he learned that the largest casino owner in Las Vegas had fallen victim to a cyber security breach.
Martinez, 45, immediately checked her bank statement for the credit card linked to the loyalty account. Now he was greeted with four new transactions that he didn’t recognize — with each transaction, he said, the fees increased from $9.99 to $46. He canceled the credit card.
Martinez, a Los Angeles-based publisher in disbelief at the thought of what other information the hackers may have stolen, said he signed up for a credit report monitoring program that costs him $20 a month.
“It’s been a problem for me,” he said, “but now I’m monitoring my credit and taking these extra steps now.”
According to MGM Resorts, the incident began on Sunday and affected bookings and casino floors in Las Vegas and other states. Videos on social media showed video game machines that had blacked out. Some customers said their hotel room cards didn’t work. Others said they would cancel their trips this weekend.
Friday marked the sixth day that bookings were still low and MGM Resorts was offering penalty-free room cancellations until September 17. Company spokesman Brian Ahern declined to answer questions from The Associated Press on Friday, including what information had been obtained. compromised in breach.
On Thursday, Caesars Entertainment – the world’s largest casino owner – also confirmed that it had been the target of a cyber security attack. The casino giant said computer operations at its casino and hotels were not disrupted, but could not say for sure that the personal information of tens of millions of customers was safe after the breach.
The security attacks that prompted the FBI investigation shatter the common perception that casino security requires an “Oceans 11”-level effort to defeat it.
“When people think of security, they think of really big supercomputers, firewalls and lots of security systems,” said Yoohwan Kim, a computer science professor at the University of Nevada, Las Vegas whose expertise includes network security.
It’s true, Kim said, that casino giants like MGM Resorts and Caesars are protected by sophisticated — and expensive — security measures. But no system is perfect.
“Hackers are always fighting for that 0.0001 percent weakness,” Kim said. “Usually this weakness is related to people, like phishing.”
Tony Anscombe, head of San Diego-based cybersecurity firm ESET, said it appears the attacks may have been carried out as a “socially engineered attack,” meaning the hackers used tactics such as phone calls, text messages or phishing emails. to break the system.
“Security is only as good as its weakest link, and unfortunately, as with many cyberattacks, cybercriminals use human behavior to gain access to a company’s crown jewels,” Anscombe said.
After security breaches left some floors of a Las Vegas casino deserted this week, a hacker group emerged online claiming responsibility for an attack on Caesars Entertainment’s systems and said it had asked the company to pay a $30 million ransom.
It has not been officially determined whether either of the affected companies paid a ransom to regain control of their data. But if someone had done that, experts said, more attacks could be coming.
“If it happened to MGM, the same thing could happen to other properties,” said Kim, the UNLV professor. – There will definitely be more attacks. That’s why they have to prepare.”