The MGM Resorts Cyber Attack Is Still Causing Chaos After 5 Days

The massive data breach follows a similar attack on Caesars Resorts last week.

K.M. Cannon/Las Vegas Review-Journal/Tribune News Service/Getty Images
K.M. Cannon/Las Vegas Review-Journal/Tribune News Service/Getty Images
K.M. Cannon/Las Vegas Review-Journal/Tribune News Service/Getty Images

MGM Resorts is on day five of a nightmarish cyber attack that has completely shut down the company’s online operations. Initially, the resort did not confirm that the issues were the cause of a cyber attack-only that there were cybersecurity issues at hotels and casino floors in Las Vegas, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio. Customers were told not to handle bookings or anything related to stays through the MGM, and the MGM Resorts website directed customers to handle their bookings over the phone.

Then, on September 12, MGM Resorts issued a statement formally addressing the issue:

“MGM Resorts recently identified a cybersecurity issue affecting certain of the Company’s systems. Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The Company will continue to implement measures to secure its business operations and take additional steps as appropriate.”

By Thursday, news reports confirmed that MGM was the victim of a cyber attack. The FBI confirmed that it was investigating the incident. At the same time, Caesars Entertainment reported that the company had also been the victim of a cyber attack, and had paid a ransom, according to ABC News.¬†Cybersecurity researcher V-X Underground reported that a group called ALPHV ransomware group was able to breach MGM’s system by finding an employee on LinkedIn, and making a phone call. Bloomberg reported that the same group was responsible for the attack on Caesars.At MGM, the attack has affected hotel booking, restaurant reservations, betting systems, and corporate email accounts. Some customers also reported not being able to use room keys. Reporting from KTVN Las Vegas¬†revealed that MGM properties in Las Vegas seemed to have returned to normal operations, aside from long waits at front desks. On social media, some guests are saying it’s a bit more intense: slot machines are reportedly being paid out manually by an employee, and the process has a wait time anywhere between 20 minutes to an hour.The MGM Resorts website has a notice on its website advising what customers and guests can do while this attack continues to hobble the system.

“We apologize for the inconvenience. For restaurant options and reservations, please download the MGM Rewards App. To make a reservation for a resident artist, production show, or attraction please visit To purchase tickets for UFC, Las Vegas Aces, Vegas Golden Knights or a concert event at an Arena please visit,” the website states.

“For hotel reservations arriving September 13-17, 2023, we understand your travel plans may have changed, so we are waiving change and cancellation fees.”

Screenshot via MGM Resorts
Screenshot via MGM Resorts
Screenshot via MGM Resorts

The process for how to go about canceling your booking is currently unclear. Phone numbers were previously listed on the MGM Resorts website, but are no longer listed. It does seem that those changes would need to be done over the phone, as all website booking functions are down. As of September 14, when you call the Central Booking phone number, 855-788-6775,¬†an automated voice informs callers that MGM Resorts is not accepting phone calls due to technical difficulties.In an update on Thursday afternoon, MGM thanked employees for their work and guests for their “continued patience.”

If you have been affected by a data breach, there are specific steps you can take, according to Experian. First, if your information was compromised in a breach, the company that was breached is required to notify you. Right now, it might be too soon to determine exactly how the cyber attack against MGM will affect customers. But in the event that your data has been exposed, these are steps to take.

“If you’re notified that your personal information was exposed in a data breach, act immediately to change your passwords, add a security alert to your credit reports and consider placing a security freeze on your credit reports,”¬†Experian advises.

Looking for more travel tips?

Whether you need help sneaking weed onto a plane, finding an airport where you can sign up for PreCheck without an appointment, or making sure you’re getting everything you’re entitled to when your flight is canceled, we’ve got you covered. Keep reading for up-to-date travel hacks and all the travel news you need to help you plan your next big adventure.Want more Thrillist? Follow us on¬†Instagram,¬†TikTok,¬†Twitter,¬†Facebook,¬†Pinterest, and¬†YouTube.

Opheli Garcia Lawler is a Staff Writer on the News team at Thrillist. Follow her on Twitter @opheligarcia and Instagram @opheligarcia.


Mad Mex’s New Menu Item Is Inspired by a Popular Mexican Street Food

mad mex chicken al pastor

Mexican restaurant chain Mad Mex has dropped a new protein, and it’s one of the most popular street foods in Mexico.

Enter, Chicken Al Pastor. It’s traditionally made with pork and grilled on a spinning rotisserie with a pineapple sitting a top, but Mad Mex has put its own spin on it, serving chicken bathed in an Al Pastor marinade with a touch of juicy pineapple.

You can order the protein-packed filling in your favourite burrito, bowl, quesadilla, nachos, or in a taco.

As always, these things are here for a good time, not a long time. Pop into your local Mad Mex restaurant, order delivery or through the Mad Mex app today.

Get the latest from Thrillist Australia delivered straight to your inbox, subscribe here.


Our Best Stories, Delivered Daily
The best decision you'll make all day.