Following the recent cyberattacks on MGM International and Caesars Entertainment Inc. and few details provided by the companies affected, Nevada Gaming Commissioner Brian Krolicki reportedly asked for details about the hacker attacks faced by the two top-tier gaming and leisure service providers.
Questions Raised:
The request comes after the speculations that the late August cyberattack has ended with Caesars paying $15 million to the cyber intruders, as well as the calculations related to the loss sustained and the ransom money to be paid by MGM after the attack that began on September 10 and ended on September 21.
According to Las Vegas Review-Journal, Gambling Commission’s meeting held on the same day addressed the issue. At the conclusion of the meeting, Brian Krolicki reportedly said: “Right now, the priority is just recover and make sure that patrons are made whole and the systems are secure. But I think at some point in time when there’s the energy and understanding of what just happened if we could get some kind of briefing on what’s transpired that’s appropriate for public record and perhaps a policy going forward.”
MGM and Caesars have revealed few details about the incidents and had no comments on Krolicki’s remarks, according to the source. Though, MGM reportedly said on September 21 that most of its Las Vegas operations got back to normal, with credit card systems back on line. Russia-based hacker gang have reportedly taken credit for the cyberattack that costed the company between $4.2 million and $8.4 million a day. As reported, the damage might have been more extensive, but MGM responded quickly and shut down slot machines.
Alternative System Used During Attack:
MGM spokesman explained that the credit card problem arising from the hacker activity was by-passed by using a dedicated system for the given circumstances. Such a system includes that the credit card names and numbers are written and kept under lock and key to be processed and eventually destroyed at a later time. According to the source, all operations were done manually until the online system was restored. It reportedly raised additional concerns of some guests about a prospective public exposure of their personal data.
Public Comment Period Delays Answers:
There are many questions to be answered, but Krolicki’s request was made during a public comment period and MGM has remained silent about the details of the attack. Krolicki therefore raised further questions before the Commission to be answered for the future reference.
He reportedly asked: “How do we avoid these things if they do happen, what are the reporting schemes? Were they immediately reported to the Gaming Control Board? There are a lot of questions and a lot of publicity. It’s a global story and I just believe it would behoove all of us to get a handle on what just happened.”