This browser does not support the Video element.
MGM Grand faces major cyber security attack
The MGM Grand faced a major cyber security attack that impacted numerous casinos, including Detroit.
DETROIT (FOX 2) - You can still gamble at MGM Grand in Detroit — despite the fact that MGM casinos across the country are experiencing a breach in their cyber security system.
The incident began Sunday — according to company officials as guests in some locations can't make reservations or get into their rooms. Casino sites impacted include Michigan, Las Vegas, Massachusetts, New York and New Jersey.
In Detroit it is business as usual, but you can't check your comps.
David Derigiotis is the chief insurance officer at Embroker and a cybersecurity expert.
"Hotels, and casinos are prime targets for cyber criminals - they are very data-rich," he said. "They are complex IT environments, and you particularly look at a casino and the digital operations involved for surveillance, online gaming, as well as the hospitality section."
MGM Resorts International are not revealing a lot of details about the security breach.
The company issued a statement on social media saying:
"MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts.
"We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter."
"You look at this particular disruption, it’s affecting their online services, it is affecting in some cases, people being able to check in using their electronic room keys, take reservations online," he said.
MGM Grand’s website is currently down. A notice instructing customers to call a toll-free number for immediate assistance.
"Every moment that they’re down is potential lost revenue for the operation, it is frustrated customers - it is possibly dealing with identity theft for all your customers," Derigiotis said.
He says there are many reasons why the company is not giving specifics about the extent of the breach.
"The internal team really has to get their arms around the situation - they have to figure out how long has this attacker been in our system? What information have they accessed, what information has been extracted," he said. "They have to do a full analysis to figure out the true scope and damage with regards to the situation."