It will be remembered as the cyberattack heard around the world.
MGM Resorts International recently revealed that it’s business as usual as they are back up and running after ten days of chaos due to a cyberattack against their systems.
MGM, which owns more than two dozen hotel and casino locations in various places around the world, and online sports betting, reported a “cybersecurity issue” was affecting some of their systems on September 11. For the several days that followed, the Vegas resort said that things from hotel room keys to slot machines and ATMs were not functional. Guests had to wait in long lines to be checked in and to receive physical room keys, and many of them took to social media to complain and inform others of the insanity that they were living while on vacation.
As this was happening, many wondered if this was a super rare scenario or if they should be worried about it happening to other hotels and businesses. The Blast sat down to discuss the incident with Lisa Plaggemier, Executive Director at National Cybersecurity Alliance.
Lisa Plaggemier Shared Some Insight Into The MGM Cyberattack
The National Cybersecurity Alliance is a non-profit organization that aims to “create a more secure, interconnected world.”
“We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime,” their website reads.
When asked about how common a situation such as what MGM recently went through is, Plaggemier said it’s “pretty common.”
“Sadly, it’s pretty common, and you may or may not hear about it depending on the situation. There are reporting requirements now that have gotten stricter, mainly from the FTC,” she told The Blast exclusively.
“I was at a security event for the past couple of days, and there was a ransomware incident that caused the death of an infant in a hospital. And we’re not hearing about that one in particular because the parents are suing the hospital, and it’s currently being litigated so there’s not a lot of communication in the press about it. That was particularly shocking and egregious, but that was the point of this person’s presentation. They were talking about security incidences that have led to loss of life.”
She also said that because of the scale of this particular cyberattack and because it’s the MGM and Vegas specifically, that could be why it’s being talked about more in the media.
“A lot of times these incidences will happen at a small local hospital or school district, or local business, and because they’re not the same scale, they’re not a household brand, we don’t hear about them as much,” she said. “It takes more before things reach the level of being worth national media. But sadly, no, these are not that uncommon.”
When asked what the MGM did wrong or maybe did right, Plaggemier explained that not being on the inside makes it impossible to gauge the whole situation.
“Without being on the inside, I would hate to second guess their IT or security teams. It’s hard to know the details, and the cyber criminals made a statement, but again they’re criminals so I don’t know how much trust or faith to put in that,” she explained.
“It’s hard to tell, for instance, in this circumstance, did the IT team take some of their systems down to protect them, or were they affected by the ransomware, for example? It’s tough to tell. I think the only thing we can usually pass judgment on is whether they communicated openly and they were as transparent and as quick to communicate as they possibly could be because that’s the one thing we can all see.”
Many guests of MGM or even other hotels in Las Vegas have taken to social media to talk about the issues and share their concerns. Many wonder if they should be concerned about their personal or financial information. Plaggemier explained why they shouldn’t be “overly concerned.”
“If I were somebody that stayed at one of these properties recently, I wouldn’t be overly concerned on the credit card front, because you’re not liable if anything bad does happen,” Plaggemier said. “I would watch your statement or log on every couple of days to see if there are any charges you don’t recognize. I would pay attention to that, but I wouldn’t ask for a new account number or new card just yet because if there are any fraudulent charges, you’re shielded by your credit card company from liability for any of those fraudulent charges. And what will happen if that kind of consumer data is affected? You will be notified.”
With consumer notification laws in place, if anyone’s information was compromised, they would be notified and offered free credit monitoring, which Plaggemier highly recommends.
As an additional step for people who are concerned, Plaggemier said putting a freeze on your credit is another avenue to help.
“If you’re really concerned, you can also put a credit freeze on your credit with the three main bureaus,” she said. “That’s free to do and really easy to do.”
Can This Type of Situation Be Prevented?
“It’s absolutely preventable,” Plaggemier said. “There are multiple ways to keep the bad guys out of your system.”
Security training at work is very important to teach employees how to avoid cyberattacks. Plaggemier recommends a tabletop exercise, where you actually run through a scenario of a ransomware attack. Everybody works together to simulate your response, and those exercises can be very eye-opening to expose weaknesses and areas that need some work.
“Human error is inevitable. What’s been reported [with MGM] is that someone was socially engineered,” she said. “That kind of was the first click that set off the series of events, so we shouldn’t discount security training.”
TikToker VegasStarfish Shared Information Throughout The Cyberattack
Popular TikToker VegasStarfish, who shares insider information on everything in Las Vegas on the social media platform, shared daily videos filled with insider information during the cyberattack.
On day 10, she shared information on what’s up and running and what’s still struggling.
@vegasstarfish Las Vegas Cyber Security Attack update for 9/20/23 Day 10: the final chapter. This is now the new normal. 99% of operations are functional and guest service is no longer impaired. Visit, have an amazing time, report any unusual charges to your bank and feel confident that your vacation is unlikely to be negatively impacted at this point. The remaining functionality concerns are primarily back of the house and may take weeks to resolve. There is no reason to avoid or cancel a stay at MGM Resorts. Multiple resorts including Caesars Entertainment properties who recently allegedly paid a ransom to hackers, are experiencing glitches. Cybersecurity is an issue everywhere and fear shouldn’t ruin your trip. #vegas #lasvegas #vegasstarfish #mgmresorts #cybersecurity #hackers #vegaslocal #vegastiktok #vegasvacation #vegasnews ♬ Lo-fi hip hop – NAO-K
Calling this “the new normal,” she explained that other hotels across the city were experiencing glitches. She also said it will take “weeks, maybe months” to return to normal.
One MGM employee dropped into the comments to say, “I work at an MGM property, and we are not back up & running like usual 🙃 wish we were tho. It’s been hell…”
VegasStarfish also left a comment for viewers about the employees.
“Employees are feeling the worst of this with inaccuracies on paychecks, no email, lack of ability to communicate or schedule time off, and no access to employee portals. But they are making the best of a crappy situation. As Vegas hospitality workers do.”
