MGM Resorts International reported a "cybersecurity issue" on Monday (September 11). The company said the issue might affect its hospitality, gaming, and entertainment properties across the US over this week after its websites went down late Monday, urging customers to book rooms and request reservations by phone.
ABC's Las Vegas affiliate KTNV 13 reported that multiple gambling machines at hotels had gone offline and several guests were unable to charge anything to their rooms, make reservations, or use their digital room keys.
In a statement late Monday evening, the company said the issue was ongoing but its casino gaming floors were operational and they would "continue to work diligently to resolve this issue."
According to MGM spokesperson Brian Ahern, the extent of the issue across the company's reservation systems and casino floors in its flagship site in Las Vegas, as well as its operations in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio, remains to be unknown.
Other questions reporters directed to MGM were left unanswered.
Meanwhile, University of Nevada, Las Vegas associate professor of information systems and cybersecurity Dr. Greg Moody told the New York Times that a "cybersecurity issue" typically meant an individual or group has attacked a company's network. He added that the attacker or attackers might have "found some gap in their armor" and took advantage of it to take down the company's systems.
Moody previously worked with MGM and members of its tech team on several projects.
Overall Ops Crippled by Alleged Cyberattack, MGM Says
Because of the issue, some MGM systems were shut down as a precaution to protect data and the firm launched an internal investigation with the help of "leading external cybersecurity experts."
The FBI's Las Vegas office has been requested for comment, but the national press office out of Washington stated the agency was "aware of the incident" which it confirmed was "still ongoing" without disclosing further details, as per the Associated Press.
The Nevada Gaming Control Board has also been requested for comment but has yet to respond to reporters.
MGM currently has 19 properties in the US, including the Las Vegas resorts such as the Bellagio, Mandalay Bay, and the Cosmopolitan.
NBC News added that the company also has properties in China.
Late last year Nevada's gaming board approved stricter cybersecurity measures, including a three-day window to report any online system breaches.
The Securities and Exchange Commission (SEC) also adopted a similar regulation for large, publicly traded companies in July of this year. It would require a significant breach to be reported within four business days, but it would only be effective by December.
"Whether a company loses a factory in a fire - or millions of files in a cybersecurity incident - it may be material to investors," SEC Chair Gary Gensler said in a statement in July.