Hackers who breached casino giants MGM Resorts International (MGM.N) and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said. David Bradbury, chief security officer of the identity management company Okta, did not identify those companies or provide details about their business. But he said the data breaches could be linked to the same group of hackers reported targeting Caesars on Aug. 27 and demanded a $30 million ransom from the casino operator. Caesars paid roughly half the amount.
The incident has heightened concern over the cybersecurity of casinos, which operate large computers that handle customer information and financial transactions. It has also highlighted the challenges of recovering from a cyberattack, which can leave a company unable to operate normally for months while it tries to fix the damage.
MGM, which operates hotels and gaming venues from Las Vegas to Macau, announced on Monday it had shut down some of its systems to contain a “cybersecurity issue.” The $14 billion company, the largest casino-hotel operator in the world, disclosed the matter in a Securities and Exchange Commission filing but did not elaborate. The FBI is investigating, and Moody’s rating agency has warned the incident could affect MGM’s credit ratings.
While MGM has not publicly commented on the cause of its disruptions, it is believed that a group known as Scattered Spider, or UNC 3944, took control of its computers. The group is believed to be comprised of hackers from the United States and Britain who specialize in stealing data for extortion or other illicit purposes, cybersecurity experts say.
Scattered Spider is believed to be working with the more prominent gang, ALPHV, or BlackCat, which hacked MGM in 2021 and demanded more than $10 million from the hotel-casino operator. It is unclear whether any of the information stolen from MGM was leaked or sold to unauthorized parties, but some analysts believe it was likely.
MGM and Caesars were hit with a type of cyberattack called a ransomware attack. Ransomware is when a hacker takes control of a company’s computer system and locks it out until the company pays a fee to unlock it.
Hackers have increasingly targeted companies that do not take steps to protect their networks. They often seek to steal personal and payment data or use a compromised machine to infect others with ransomware. A ransomware attack can quickly spread through an organization, damaging files and preventing users from accessing systems. Some of the more advanced attacks involve a combination of low-tech social engineering and more sophisticated tools that are harder for businesses to defend against.