A look back at the MGM Las Vegas cyberattack

In mid-September, a major cyber-attack hit MGM Resorts International in the U.S., jeopardizing the gaming giant’s operations. The US authorities immediately launched an investigation into the intrusion.


Cyber attacks are a scourge that does not spare large corporations. MGM Resorts International was targeted on September 7, 2023 by a group of hackers called Scattered Spider. MGM Resorts, which operates over 30 hotels and gaming venues worldwide, has annual sales of $14 billion.


Scattered Spider managed to paralyze several MGM systems, causing considerable disruption to its operations. Slot machines and other systems remained out of service in the company’s establishments, notably in Las Vegas.


The FBI said on Wednesday September 13 that it was investigating the incident, but gave no further details.


Another casino operator, Caesars Entertainment, was also targeted. However, it paid a ransom to avoid the disclosure of its data.


Hacker groups


The Scattered Spider group, also known as UNC3944, is renowned for its use of social engineering, tricking users into divulging their credentials and passwords to bypass multi-factor authentication.


It is “one of the most prevalent and aggressive threat actors impacting organizations in the U.S. today,” said Charles Carmakal, CTO at Mandiant Intelligence in a LinkedIn post, following reports of the MGM breach.


“While the group’s members are less experienced and younger than many multi-faceted extortion/ransomware groups and nation-state espionage actors, they pose a serious threat to large organizations in the United States.”


Another hacker group called AlphV claimed to be involved in the attack. According to Reuters sources, AlphV worked with Scattered Spider to break into MGM’s systems and steal data for extortion.


Six terabytes of data breached


On Thursday September 14, Scattered Spider announced that it had extracted six terabytes of data from the systems of powerful casino operators MGM Resorts International and Caesars Entertainment. Both companies are themselves investigating the intrusions.


The private data of customers who used MGM services before March 2019, including contact details, gender, date of birth and driver’s license numbers, was breached, the company said. MGM said the hackers had not obtained any bank account numbers or payment card information from its customers, and that no data from its luxury hotel, the Cosmopolitan of Las Vegas, had been breached.


In a communication to Reuters via the Telegram messaging platform, a Scattered Spider representative said they had no intention of making the data public and declined to reveal whether they had demanded a ransom from the companies. “If MGM wishes to disclose this information, they will. We don’t,” said a spokesman for Scattered Spider. It was a cybersecurity expert running an online repository of malware samples called “vx-underground”, who chose to remain anonymous, who put Reuters in touch with this Scattered Spider contact.


Financial repercussions


To continue reading this article, subscribe or log in to your account

Discover our plans

Subscribe for 1€

Become an active member of the community of luxury leaders.



Featured photo : ©MGM Resorts

Picture of Hugues Reydellet
Hugues Reydellet
Hugues Reydellet is a young and passionate journalist whose favorite subjects are economy, culture, gastronomy, but also cars, and sports. With a sharp pen and an insatiable curiosity, Hugues is constantly on the lookout for new hot information to report.

Subscribe to our Newsletter

Sign up now to receive sneak previews of our programs and articles!

Launch offer:

Your participation in the Camille Fournet Masterclass reserved for annual subscriber !

Luxus Plus Newsletter