2023-10-10

MGM Resorts International CEO Bill Hornbuckle gave new details about the September cyberattack that crippled his company for nine days and said it would emerge stronger than ever.

Bill Hornbuckle, president and CEO of MGM Resorts International, speaks to the Las Vegas Review-Journal at the Aria on Monday, July 17, 2023, in Las Vegas. (Chitose Suzuki/Las Vegas Review-Journal)

Hornbuckle, appearing Tuesday as a keynote speaker on Day 2 of the Global Gaming Expo, responded to questions from CNBC anchor Contessa Brewer and said next month’s Formula One Las Vegas Grand Prix would be the biggest special event in the city’s history.

“Look, it’s corporate terrorism at its finest,” Hornbuckle told a crowd of around 1,000 gathered in a ballroom at The Venetian for the first keynote addresses. “You don’t wish this on anybody. It happened to hit us. It was partially socially engineered. And for the couple of weeks to our company, it was devastating.

“We saw it early, so we had good indicators on the ground. By day two, we knew they were there. We reacted quickly to protect data. And so you saw us shutting down systems by our own design. What ended up happening is criminals literally understood what was happening and they shut the balance of it down for us. We found ourselves in an environment where for the next four or five days, with 36,000 hotel rooms and some regional properties, we were completely in the dark. I mean, literally the telephones, the casino system, the hotel system, the key system, and I could go on and on and on, were not functioning.”

Hornbuckle affirmed that MGM did not pay a ransomware demand to the attackers.

“We did not pay ransom, not that that’s the defining moment in one of these things,” Hornbuckle said. “I know people say don’t pay ransom. But the way this came at us and the velocity at which it came at us, we reacted quickly. We protected data. We find ourselves now a couple weeks into this thing fully functioning. We have all our commercial systems back. This is probably going to cost us in the range of $100 million. It is covered by cyber insurance, thankfully. I can only imagine what next year’s bill will be. And so moving forward, it’s about reinvestment into infrastructure, people, and processes.”

Asked about the decision-making process of whether to pay the ransom demand, Hornbuckle said it was a tactical decision.

“It took us (until day three) to figure out how to get out of it as we thought they would tell us what to do to get out of it. And so it was a decision of, no, we shouldn’t be paying a ransom. It’s going to take us as long to figure this out anyway, even if they gave us the encryption keys. And so let’s just move forward and put ourselves when we get through this in a much different and better place.”

Hornbuckle said one of MGM’s two call centers, the one serving the technology crew, was where hackers socially engineered their way into the company’s system.

“We have a call center that’s for ‘my machine is broken,’ and then we have a tech call center, which is for the technical crew. That’s the layer that got engineered. And so how that process works going forward needs to be rethought and it’s been done, has been and will continue to be. That’s the key lesson.

“At the end of the day, you’re trying to understand a customer and it’s totally worth it. So all that leads to a central place, all by design. But the way that you structure your environment, in terms of pillars, keeping them, if they get into one, they don’t get into all, is critical architecture,” he said.

Hornbuckle said he believes the hackers never reached customers’ credit card information.

“Look, it makes it more complicated, but in our example, one of the things we were able to protect was banking information, credit card information, nothing got out,” he said. “And so even despite the scale of the hack that we had, that kind of information didn’t get out.”

