STATESIDE “I’m at the age where many of these systems weren’t


automated to begin with. You suddenly find yourself going this is what you need to do at the front desk. This is what you need to do here. It was an interesting cultural moment for the company,” said Hornbuckle. In other words, he concluded many MGM team members


were inadequately trained in the “old” ways. Going beyond pushing a button or keystroke was outside their readiness. Youth has its advantages, but a total reliance on technology invites failure. What may ultimately be more damaging than the financial


hit is the access these cyber crooks gained to customers’ personal information for any transactions with MGM since March 2019. According to a federal Securities and Exchange Commission (SEC) filing, the breach that paralyzed the reservations system stopped visitors from gambling or entering their rooms. The actual data theft included customers’ names, contact


information, gender, birth dates and drivers’ license numbers. Fewer people had their Social Security and passport information stolen. Identity theft is devastating as resolution can take months


or years. Typically, most companies offer monitoring assistance. Cyberattacks in all areas of commerce and education have


traditionally involved monetary ransom. Caesars had also confronted a hacking breach the week prior to MGM, but reacted differently. The Wall Street Journal reported Caesars did pay $15 million of the alleged $30 million demand. As more victims refuse to pay, hackers have changed their


two isolated instances of possible criminal technological hacking. They occurred well before MGM Resorts International


experienced a serious computer breach this past September. Scattered Spider, also called UNC3944, perpetrated these break-ins and acknowledged stealing six terabytes of data from the MGM’s systems. I admit to not understanding the measurement, but by definition, even one terabyte is a huge amount of data. So, who is Scattered Spider? Fortune magazine describes a


threatening organization of U.S. and U.K.-based hackers, some only 19 years old. Few events happen in a vacuum as true coincidences. It


was foreseeable that gaming’s global reach would make it a prime cyberattack target. MGM became its latest casino victim. In Las Vegas, 12 Strip


hotel properties went “dark” for days. The telephones, casino system, hotel system and key system, among other operational processes, shut down. The disruption will cost MGM an estimated $100 million in


losses, plus approximately $10 million in maintenance and repair expenses. Although Las Vegas bore the brunt of the damage, the repercussions also reached properties nationwide like their successful Borgata in Atlantic City. At G2E, MGM CEO & President Bill Hornbuckle, age 62, said,


“It’s corporate terrorism at its finest. We don’t wish this on anybody.” Hornbuckle’s fascinating analysis of his staff’s readiness


revealed a generational gap between those who can basically click on keyboards and those with a thorough understanding of procedures to then complete the tasks manually. It’s called thinking on your feet, which is sadly a foreign concept to many.


10 NOVEMBER 2023


methods and attacked personal data. MGM followed the advice of the Federal Bureau of Investigation (FBI) and refused to pay any price. Good for them. They were well along the way to fixing the problem and resume operations days before they received any ransom demands. Hacking is the corporate equivalent to kidnapping and demanding money in exchange for releasing the victim. Kidnapping became a federal crime in America in 1934, following the 1932 abduction and murder of pioneering aviator Charles Lindburgh’s 20-month-old son Charles Jr. MGM and Caesars will rely on cyber insurance policies to


cover much of the financial damage. Looking ahead, the consequences of these two events may be more cautious, revised pricing and terms required by insurance groups. Guy Carpenter & Co LLC, the reinsurance brokerage of giant


Marsh & McLennon Cos, Inc., stated that “the recent headline- grabbing attacks on these Las Vegas casino resorts will again heighten the industry’s attention to the ongoing threat from ransomware groups.” After an initial wave of ransomware attacks in 2019,


insurance payouts brought significant price increases that continued to rise. Conditions had since quieted down and Carpenter’s analysis report cited changes. It claimed “cyber hygiene has since restored confidence to the cyber insurance industry and attracted new capacity.” I hope law enforcement prosecutes these lowlife thieves


with long prison sentences. It is serious stuff and may deter the next group. While some argue that others will always fill that space, at least this despicable bunch will be out of commission. They are a clear and present danger to society. They inflict financial and emotional pain on millions rather than harming a single victim.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76