MGM Resorts properties in US shut down computer systems after cyber attack

Over a dozen MGM Hotels & Casinos have had to show down operations after a cyberattack on its computer systems Sunday left the resort chain vulnerable. 

Computer systems at all MGM properties have been shut down for the immediate future until the issue is resolved.  

MGM Resorts International is working with external cybersecurity experts to resolve the “cybersecurity issues affecting some of the company’s systems,” according to a statement obtained by USA Today. 

“We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter,” the statement read. 

While the extent of the breach is still unclear, current guests have taken to social media to document how the outage has impacted ATMs, slot machines, restaurants and the inability to get into their rooms using the digital keys or charge anything to their room, according to reporting by TechCrunch. 

MGM resorts will continue to deliver the experiences for which they are known, according to statement released Monday night.

"Our resorts, including dining, entertainment and gaming are currently operational, and continue to deliver the experiences for which MGM is known. Our guests remain able to access their hotel rooms and our Front Desk staff is ready to assist our guests as needed. We appreciate your patience," the statement read.

Here’s what we know so far. 

What MGM properties have been affected by the cyberattack?

All of MGM’s Grand Hotels & Casinos properties have been impacted by outages, including well-known properties in Las Vegas and New York, according to a notice by MGM. 

MGM has measures in place, such as in-person check outs and physical room keys, in addition to phone and concierge service, that should help minimize disruptions.

• Aria (702-590-9520)
• Beau Rivage (228-386-7111)
• Bellagio (702-693-7075)
• Borgata (609-317-1000)
• The Cosmopolitan of Las Vegas (877-893-2003)
• Delano Las Vegas (702-632-4760)
• Empire City Casino (866-745-7111)
• Excalibur (877-660-0660)
• Luxor (702-632-4760)
• Mandalay Bay (702-632-4760)
• MGM Grand Detroit (877-888-2121)
• MGM Grand Las Vegas (877-660-0660)
• MGM National Harbor (844-646-6847)
• MGM Northfield Park (330-908-7625)
• MGM Springfield (413-273-5000)
• New York-New York (702-740-3311)
• NoMad Las Vegas (702-730-7010)
• Park MGM (702-730-7010)
• Vdara (702-590-9520)

Vegas speakeasies:Shh ... these speakeasies in Las Vegas invite customers to sip cocktails in a hidden bar

Vegas rules:Nevada’s lack of casino self-exclusion law par for state, say experts

Can I still book a room at an MGM property?

Yes, but not online. 

Guests can make a reservation at any MGM Hotel & Casino over the phone by calling 855-788-6775.  Rewards members can call member services between the hours of 6 a.m. to 11 p.m. PST at 866-761-7111.

To contact a concierge, guests have been directed to a phone line handled by hotel management at their respective hotel.  

If you want to make a reservation for a resident artist, production show, or attraction, potential guests can make reservations at Ticketmaster.com. To purchase tickets for Las Vegas Aces, Vegas Golden Knights or a concert event at an Arena please visit AXS.com. 

What happens next?

MGM’s computer systems will likely remain offline until the extent of the cyberattack has been made clear to the company and respective authorities. An MGM spokesperson could not be reached for comment. 

The FBI has been made aware of the incident, but characterized the event as ongoing, according to The Associated Press.

On X, the platform formerly known as Twitter, users were still reporting that ATMs and slot machines were still down as of 5:17 p.m. ET Monday.

The last time MGM experienced a cybersecurity issue was back in 2019 when the personal information of 142 million guests was stolen by hackers and posted to a dark web cybercrime marketplace, according to reporting by ZDNET.  

Most of the data that was stolen consisted of names, email addresses and postal addresses.