Plaintiffs allege lax cybersecurity
As MGM Resorts International slowly gets back to normal after the cyberattack that crippled the company from the corporate offices through its casinos, it now faces another challenge: a slew of lawsuits. Last week, three law firms filed a total of five class action lawsuits against both MGM and Caesars, claiming the gaming companies did not properly protect customer data.
Las Vegas law firm Stranch, Jennings and Garvey PLLC and Florida firm Kopelowitz Ostrow Ferguson Weiselberg Gilbert each filed lawsuits against MGM and Caesars. Caesars also got hit with the fifth suit filed jointly by O’Mara Law Firm out of Reno and Barnow and Associates from Chicago.
The plaintiffs represented in the lawsuits say they are more at risk of identity theft because of the hack and that the companies absolutely should have understood how important it was to keep customer information safe.
MGM got hit by hackers starting on September 10 and saw its systems stay down for nine days. Its casino resorts were rendered nearly useless: reservations systems didn’t work, guests had to use old-fashioned keys to get into their rooms because the electronic locks didn’t work, most gaming machines were out of order, and restaurant ordering systems were caput.
Normalcy returning
About a week ago, MGM announced that all of its properties were “operating normally,” though it turned out some things were still not quite up and running. Things are much better now, but it appears that guest reservations are still an issue. The booking website, while up, does not seem to be fully functional and reports from MGM’s Las Vegas casinos are that lines at the front desk are still long. The company also warns that phone wait times could be longer than normal.
The crazy thing about the hack – perpetrated by a group called ALPHV – is that it sounds like it was relatively easy. In a post on X, vx-underground said it took just a ten-minute conversation to take down MGM. In what is called “social engineering,” the hackers researched MGM employees on LinkedIn and convinced someone at the corporate help desk that they were, in fact, a real employee. A few minutes later and the hackers were into the company’s systems.
In an interview with CNBC, Dave Kennedy, founder and CEO of TrustedSec, a cybersecurity firm, said that in his experience, casino companies have some of the worst cybersecurity of any industry. Their problem, he said, is that they think of themselves as hospitality companies and not the caretakers of obscene amounts of money and customer data that they really are. They take tons of care in their physical security to protect the integrity of the games and their cash on hand, but they don’t take as many precautions, Kennedy said, with their computer systems.