MGM Resorts International’s balky computerized systems continued their gradual return to normal operations as the company announced late Friday that its online reservation system has been restored.
Just after 8 p.m. Friday, the company reported that reservations are now available at mgmresorts.com and on MGM Resorts’ mobile app. The company encouraged guests to continue to call the company’s reservation center or by calling their casino hosts to make reservations.
In other developments, an advertisement for MGM to hire an IT expert appears to be bogus; another regulatory group sought answers to the company’s computerized systems meltdown; and MGM customers continued to be concerned about data breaches that could affect their personal finances.
In a post on X, formerly known as Twitter, the company reiterated that its website and app are accessible to make dining and spa reservations and for information on other entertainment options, but it advised customers to call properties for hotel room reservations or use third-party booking options.
“We appreciate your patience as we work to restore the hotel booking and MGM Rewards functionality on those channels,” the company’s tweet said.
MGM, the state’s largest employer and the operator of 10 Strip resorts from the high-end Bellagio to the more family-friendly Excalibur, has been working through a cyberattack launched Sept. 10 that kept systems offline for nine days. Since Tuesday, systems have gradually returned to normal, but they still aren’t fully restored. Company email remains offline.
Eastern European hacker gangs ALPHV and Scattered Spider have claimed responsibility for the attack on MGM as well as an attack on Caesars Entertainment Inc. properties in late August. Several IT-related publications have had stories debating the merits of the responses of Caesars, which reportedly paid a multimillion-dollar ransom to free its systems before much damage could be done, and MGM, which continues to slog through recovery.
Meanwhile, an advertisement that appeared on ZipRecruiter, a California-based online employment marketplace for employees and job seekers, on Thursday listed an opening for a Red Hat Linux System administrator to work for Arganteal Corp. on behalf of MGM in Las Vegas.
The advertisement, which described a seven-day contract for the job to restore MGM systems with a pay rate of $1oo an hour, indicated applications were no longer accepted after Thursday night.
An MGM spokesman said Thursday that neither the company nor any of its contracted support companies knew anything about the posting. Emailed requests for comment from ZipRecruiter and emails and calls to Austin, Texas-based Arganteal received no response.
In Boston, members of the Massachusetts Gaming Commission met in an executive session for about an hour Thursday to discuss cybersecurity at MGM.
The company operates a resort in Springfield, Massachusetts, that, like other MGM resorts nationwide, were affected by the nine-day incident.
The commission did not disclose details of the executive session discussion when it returned to an open meeting.
The Massachusetts regulatory hearing occurred at nearly the same time Thursday that Nevada Gaming Commissioner Brian Krolicki called for a public update regarding the attacks on MGM and Caesars.
MGM had no comment on either meeting.
Potential data breaches
People who said they were MGM customers peppered social media with cautionary tales and warnings of potential data breaches associated with the cyberattack. An MGM customer in Michigan emailed the Review-Journal and said his bank account had four suspicious charges that he had to dispute. In a later telephone interview, he said he considered himself lucky that he was able to avert a problem but found it suspicious that the charges appeared after a recent visit to MGM Detroit.
“I noticed charges from a sportsbook on my checking account,” said Mike Stapleton, a home construction and remodeling worker who lives in Washington Township, Michigan, and frequently visits MGM Detroit as a platinum MGM Rewards member.
“I knew it wasn’t me because I don’t really trust online things as it is. Whenever I do anything on a sportsbook, I always do a different amount, even if it’s just by a dollar, just so that it’s a different amount and I won’t see a duplicate number.”
Stapleton said the charge looked much like a transaction he’d do with MGM or FanDuel, but it listed “sportsbook” and the name was blank.
He said he called his bank, and it had already considered the charge a possible fraudulent transaction and had begun an investigation.
Stapleton said he texted his casino host “but she didn’t get back to me, which I thought was a little rude.” He said he joked with her about whether MGM would pay a ransomware demand, which “obviously is a touchy topic with them.”
“I can’t seem to get anybody at MGM to own up to anything, and I just keep reading how it seems like the only people that have been affected are MGM systems and hotel guest key cards and that’s not the fact at all,” he said.
“I know I’m not the only one (to be affected by the cyberattack),” he said. “I’m not that special. Thankfully, it didn’t put me in a financial hardship, but I’m sure there are people that it probably has affected to a certain degree. It seems to me they’re trying to downplay it.”