Question of the Day - 13 October 2023

Q:

How does LVA feel about the cyberattacks against MGM Resorts and Caesars Entertainment? I've read your coverage of the news, but I'm really curious about what you guys really think and if it's changed your opinions about either company. 

A:

Good question and thanks for asking. 

We have lots of mixed feelings about the cyberattacks on MGM and Caesars, but ultimately, we can't muster much sympathy for either company.

Yes, any organization is vulnerable to these kinds of hacks, especially when they're not technologically launched, but accomplished via social engineering (human error). And yes, they're huge disruptions to management, employees, and customers. That's certainly regrettable.

Obviously, even the major casino corporations, with their (advertised) all-powerful security-surveillance-tech capabilities, are just as, if not more (these are cases in point), vulnerable than other big businesses. From the pit boss who can spot card counters and cheaters from a mile away (we all know that's mostly hype) all the way to the safeguards that supposedly protect their huge databases, which contain the personal information and vital statistics for millions upon millions of us, apparently their IT personnel and vendors need to step things up.  

We can, however, sympathize with the tens of thousands of MGM patrons, especially out-of-town hotel guests, who had their vacations or business trips massively and tediously disrupted by so many systems going down all at once. And from what we've heard, information dissemination by MGM was sorely lacking.

Even today, even as MGM is declaring that its operations are back to normal, we continue to hear that the express comp system (at the players club kiosks) is still down and some systems at the players club booths themselves remain compromised. As is the case with casinos, and big companies in any business, there are often differences between the official line and the reality.

Finally, a recent editorial in the excellent online news source, the Nevada Independent, helped us crystallize some further undefined and just below-the-surface feelings.

The writer, an IT manager, opined, "Caesars paid the ransom and was allowed to remain open for business, while it quietly swept the leak of customer driver’s license and Social Security numbers into a tartly bureaucratic SEC form. MGM Resorts, by contrast, refused to pay a ransom and suffered visible [and costly] disruptions.

"The past month’s attacks against Caesars and MGM demonstrate that ... paying ransoms is a perfectly economically rational call. Break the numbers down far enough and it might even be cheaper to pay periodic ransoms and issue accompanying filings regarding the breach of customer data to federal regulators than it would to have acceptably robust information security.

"[But] I, for one, am not interested in living in a world where the loss of my personal data is viewed as a routine cost of doing business."

So for casino companies like MGM and Caesars, it's pick your poison: Suffer the highly public consequences of defying the hackers or pay up and quietly sweep the consequences under the rug. It's a devil's choice. Either way, in our minds, it's bad for us, the public, whose financial information is being compromised. And that, ultimately, is all we really care about.

To answer your question directly, our feelings about both companies have been sour for years. While we acknowledge that this wasn't a conscious choice that was made by either, it's yet another in a long line of hard-to-swallow developments that, at a minimum, points to things not being properly prioritized. That's not surprising, and accordingly, leaves our opinion of MGM and Caesars unchanged.

 

No part of this answer may be reproduced or utilized in any form or by any means, electronic or mechanical, without the written permission of the publisher.


Comments

  • Vegas Fan Oct-13-2023
    Paying ransom
    What does LVA think about "paying ransom"? I'm not sure how I feel. It's morally repugnant, but better from a business standpoint.

  • Mike Oct-13-2023
    I blame 6-5 BJ
    Hackers don't like 6-5.  Bring back 3-2 live tables for under $50!

  • Kevin Rough Oct-13-2023
    Just Yesterday
    Just yesterday, approximately a month into this, and I finally can log into the MGM website to see my comps and tier status progress.  I am Gold with MGM Rewards and am seriously considering severing ties.  But I am not sure if any other casino company takes securing my personal data more seriously.

  • Sandra Ritter Oct-13-2023
    But what to do?
    Decades ago I stayed at MGM and did my gambling there, till I switched to the then Harrahs' properties and now Caesars Entertainment. I'm vulnerable from both hacks. What am I now supposed to do to protect my credit and identity?  (I did freeze my credit years ago. I hope that helps.)

  • Bryan Carr Oct-13-2023
    The Mob
    Things would be different if the mob still ran the casinos. A hit would have been put on those hackers. 

  • David Miller Oct-13-2023
    The Borg
      One of the many disadvantages of being a part of the Borg.

  • jay Oct-13-2023
    Cyber Insurance
    Cyber Insurance against ransomware is a thing. In addition to this being costly, there are a number of significant "IT Key Controls" that they demand be in place such as comprehensive procedures for patch management, immutable backups, two factor authentication, web interfaces need to be protected by HTTPS (not just HTTP) and certificates. In short this makes companies better and more insulated from an attack to begin with. Given the cash flow of the casinos they likely self insure everything.
    
    I am less concerned about the $$ (pay or don't pay) but I am concerned where the $$ are going. Is it Russia, China, North Korea? The latter needs hard dollars, Hamas who are religious fanatical goat f**ers have recently been shown to have been armed by Russia. The leading theory is to distract the world from supplying Ukraine.
    
    The only thing worse than a terrorist is a well funded terrorist.     

  • LynGHS Oct-13-2023
    Anybody else have this happen?
    Ever since the day before the hacks went public, the Malwarebytes program on my laptop has alerted me numerous times a day that exploits/threats have been blocked. This has NEVER happened to me before, so I cannot help but wonder if this is tied to the hack. I have been a player at MGM for 15 years and was a player at Harrah's prior to that (I stopped playing there in 2009). Wondering if anyone else has experienced this.

  • John Goodale Oct-13-2023
    Still Working On It
    As of yesterday, though I can now see my tier information, MGM's reward desks apparently can't--so the $100 celebration dinner is still not available for those who've earned it, as of yesterday.

  • Jeff Oct-13-2023
    @Jay
    Secure webpages became standard more than 10 years before cyberinsurance and ransomware after a simple exploit was discovered that anyone could do at any public Wifi by stealing a Wifi user's cookies that were at that time sent in plain text. It was called Firesheep.
    
    Certificates are what https uses, so they aren't two different methods of securing webpages as you suggested.
    
    The basic problem has always been that the internet began as a trusted network and all the security required for today's commerce and billions of users has had to have been grafted onto the original internet which was only used by a handful of research, university, and government entities all of whom knew and trusted each other.
    
    Social engineering gets around many of the technological solutions companies use to harden their sites. Social engineering is widely believed to have been how hackers managed to break into MGM and Caesars.

  • Thomas Dikens Oct-13-2023
    Monopoly
     & Caesars have turned into a sort of Monopoly, at least on the Strip.  A lot of problems would be solved if the feds would break them up.  Might end the gouge.  One Casino, one owner sure would be pro competition.
    

  • Louis666 Oct-13-2023
    Ransom
    Ransom provides no insurance that it won't be done again. Those who pay the ransom merely fund the ransomers. Spend the money instead to secure your information properly.

  • PaulaNH Oct-13-2023
    Paying ransom
    Paying ransom (albeit many more $$$$) doesn’t sound much different than paying “protection” (MOB years). At least the protection got you protection. AND, customers were treated so much better then……sigh…… Those WERE the days. Just one more reason I don’t do membership cards or corporate casinos anymore.

  • Deke Castleman Oct-13-2023
    This in via email
    You did not mention the thousands of loyal employees that went weeks without pay and accrued bank overdraft charges for their auto-pay bills. These people have not even received an apology from management.

  • asaidi Oct-13-2023
    Email notification
    Coincidentally, I received an email from Caesars Entertainment today that my information may have been accessed by the hack and what I should do about it.

  • Douglas Oct-23-2023
    VGK fan
    Just got an email from Caesars about the situation giving me two years of credit monitoring and identity protection services through TransUnion.