MGM Resorts blames 'cybersecurity issue' for ongoing outage

Hotel and casino giant MGM Resorts has confirmed a “cybersecurity issue” is to blame for an ongoing outage affecting systems at the company's Las Vegas properties.

“MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems,” the company said in a statement posted to X, formerly Twitter, on Monday.

“Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter," the statement reads.

According to reports on social media, the incident has led to outages impacting ATM cash dispensers and slot machines at MGM’s Las Vegas casinos, and forced hotel restaurants to accept cash-only payments. Guests also report that they cannot charge anything to their rooms and are unable to use their digital room keys.

A notice on the MGM Resorts website — also affected by the ongoing outage — confirms that the incident impacts all of its Las Vegas resorts, including Aria, the Bellagio, Luxor, MGM Grand and Mandalay Bay. Guests are advised to call to make a reservation or to speak to a concierge.

A source with knowledge of the incident told TechCrunch that all of MGM’s properties, including those outside of Las Vegas, appear to be affected by the incident. The websites of several of MGM's regional resorts, including MGM Springfield in Massachusetts, MGM National Harbor and the Empire City Casino in New York, were all offline at the time of writing.

Further details about the incident, including the nature of the cyberattack and whether the hackers responsible have exfiltrated data from MGM's systems, remain unknown. It's also unclear when MGM expects its computer systems to return online.

An MGM spokesperson did not immediately respond to TechCrunch’s questions, though it's unclear whether MGM employees currently have access to corporate email systems.

MGM Resorts last experienced a significant cybersecurity incident last year when the personal information of more than 140 million guests was shared on Telegram. The stolen data included guests' full names, postal addresses, email addresses, phone numbers, dates of birth and, in some cases, passport and driver license numbers.

Read more on TechCrunch: