• Subscribe
  • Magazines
  • About
  • Contact
  • Advertise
Saturday 31 May 2025
  • zh-hant 中文
  • ja 日本語
  • en English
IAG
Advertisement
  • Newsfeed
  • Mag Articles
  • Video
  • Opinion
  • Tags
  • Regional
    • Africa
    • Australia
    • Cambodia
    • China
    • CNMI
    • Europe
    • Hong Kong
    • India
    • Japan
    • Laos
    • Latin America
    • Malaysia
    • Macau
    • Nepal
    • New Zealand
    • North America
    • North Korea
    • Philippines
    • Russia
    • Singapore
    • South Korea
    • Sri Lanka
    • Thailand
    • UAE
    • Vietnam
  • Events
  • Contributors
  • SUBSCRIBE FREE
No Result
View All Result
IAG
  • Newsfeed
  • Mag Articles
  • Video
  • Opinion
  • Tags
  • Regional
    • Africa
    • Australia
    • Cambodia
    • China
    • CNMI
    • Europe
    • Hong Kong
    • India
    • Japan
    • Laos
    • Latin America
    • Malaysia
    • Macau
    • Nepal
    • New Zealand
    • North America
    • North Korea
    • Philippines
    • Russia
    • Singapore
    • South Korea
    • Sri Lanka
    • Thailand
    • UAE
    • Vietnam
  • Events
  • Contributors
  • SUBSCRIBE FREE
No Result
View All Result
IAG
No Result
View All Result

OPINION: The MGM Resorts casino hack … where was the regulator?

David Green by David Green
Sun 12 Nov 2023 at 23:09
MGM Resorts to acquire remaining 50% CityCenter stake, sell to Blackstone
32
SHARES
800
VIEWS
Print Friendly, PDF & Email

The hacking of MGM Resorts’ computer and data storage systems in September last reportedly cost the group around US$100 million in EBITDAR, according to its SEC filing dated October 5, 2023. Having personally experienced the impact of the cyberattack, I believe it would have suffered even greater losses, but for the apparent slow response of its casino regulator, the Gaming Control Board. Let me explain.

I checked into MGM’s Aria property on the Las Vegas strip on 12 September, having stayed there, without incident, a week earlier. While travelling from Utah back to the property, I heard a radio report that Strip properties operated by MGM has been the target of a large scale cyberattack. It came as no surprise, therefore, that check-in was chaotic, as staff had to complete formalities manually. Clearly additional personnel had been drafted in to deal with reams of computer printouts containing reservation details, which had to be consulted and cross-checked with customer ID. Quite an undertaking for a property with around 4000 rooms! In the circumstances the front desk folk could not be faulted for their performance.

On walking through the casino to the elevators (which incidentally were staffed by employees to mitigate the risk of patrons being stuck in them), ATMs and machines and tables all appeared to be functioning normally. This was a contrast with the hotel’s bars which by that time were cash only, and no room charges. Several hours later, while sat at a bar adjacent to the gaming floor, I noticed a number of people sitting at machines with tower lights illuminated, apparently waiting for a machine re-set or a hand-pay. To get a better appreciation of what was happening, I played a 10c TITO machine, cashing out, or rather attempting to when I had a small win. No ticket was forthcoming. The tower light illuminated so I sat waiting for an attendant to hand-pay my winnings (about US$50).

After 20 minutes, nearby patrons told me I would likely be waiting two to three hours as there was only one attendant known to be servicing the entire floor.

Had I won say US$5000 and had a spare two to three hours, I would likely have waited around. In fact someone had won US$2,500, a problematic amount considering tax needs to be withheld on wins of US$1,200 or more and the win reported to the IRS. Another player had won US$600 but had a work commitment which made it impossible for him to wait for such an extended period for his pay-out. Like me, he did not have an MGM Player card, and even if he did, there could be no certainty that it had recorded his play.

Returning to the scene some two hours later after dinner, it appeared that all machines on the floor had been shut down. The machine I had played had been cleared, raising the question as to how I could claim my winnings. I had no evidence that I had won; no screenshot, no player card, and no third party record of it. Unlike the two other winners I mentioned previously, my win was immaterial, but it did set me thinking … where was the Gaming Control Board (GCB) while this was going on?

Later that evening I sent an email to GCB asking why MGM had continued to operate its slot machines. By the time I played the machine in question, MGM must have known that the TITO system was not functioning, either reliably or, more likely, at all. I put the following to the GCB:

“If MGM Resorts knew, or should have known that its machines could not issue tickets for winnings, why was it allowed to continue to operate its gaming machines? To me, it is an egregious violation of the rules and /or spirit of game fairness… Where was GCB in all of this?”

The next day, I received a response to the effect that the attack on MGM Resorts was unprecedented, and that the GCB was working with the company to remedy the situation.

With respect to the GCB, cyberattacks are hardly “unprecedented”; in fact, they are a pervasive business risk, the likelihood and severity of which many corporates have under-estimated to their great cost, both monetary and reputational. Any risk and Audit Committee of a listed corporation which does not have this risk at or near the top of its list is not doing its job.

I replied to GCB, not wishing to let it off the hook quite so readily when it came to machines that had been cleared with money still owed to players:

“How does MGM propose to track and reimburse them, when there is no record that I am aware of as to who won what? Taking photos is obviously not an option; apart from re-visiting the gaming floor and physically identifying a machine which registered a win, how else does the company propose to identify players owed winnings…through surveillance? To me, the bottom line is that the machines should never have been allowed to operate until the precise nature of the risk and its impact had been determined. It is interesting that many of the machines on the floor were turned off later the same evening. Rather too late for many.”

I received no response. Perhaps that is understandable; the State of Nevada collects tax on the gross gaming revenue of its licensees, and even at 6.75% that gives it a real interest in seeing GGR maximised. According to the Nevada Department of Taxation, MGM Resorts is by a considerable margin the largest taxpayer in Nevada.

Most players are likely vacationers or convention delegates from out of State or country, so why should GCB concern itself and deploy resources to monitor and direct how those people are identified and compensated?

The obvious rejoinder is, because that is its role! It should be protecting players, given that is an essential underpinning of the Nevada gaming law. I attribute no malice to anyone involved, just complacency and under-preparedness.

RelatedPosts

Inaugural WSOP Online breaks online poker records after annual Las Vegas series postponed in 2020

2025 World Series of Poker festival gets underway in Las Vegas today

Tue 27 May 2025 at 07:14
Fitch: Light & Wonder to meet reduced EBITDA leverage target by 2024

Analysts upbeat on Light & Wonder’s new US$2 billion EBITDA target for 2028

Thu 22 May 2025 at 06:31
MGM looking to win hearts in Osaka with May IR exhibit

MGM Resorts calls on Thailand to ensure competitive tax rate, access for locals

Thu 22 May 2025 at 05:59
Light & Wonder sets new US$2 billion Adjusted EBITDA target for 2028

Light & Wonder sets new US$2 billion Adjusted EBITDA target for 2028

Wed 21 May 2025 at 05:31
Load More
Tags: Aria Resort and CasinocybersecurityhackersMGM ResortsNorth America
Share13Share2
David Green

David Green

The founder of Newpage Consulting, David Green has advised on casino regulation in a number of geographies including New Zealand, Singapore, Macau, Cambodia and Japan. He served as Presiding Member of the Independent Gambling Authority in South Australia prior to relocating to Macau in 2001.

Current Issue

Editorial – Foreigner-only casinos: Seize the day

Editorial – Foreigner-only casinos: Seize the day

by Ben Blaschke
Thu 29 May 2025 at 13:38

I was recently asked by someone working at a foreigner-only casino for my thoughts on the outlook for the Asian...

On the brink

On the brink

by Pierce Chan
Thu 29 May 2025 at 13:27

The transition period for Macau’s 11 satellite casinos is set to expire at the end of this year, after which...

A moral defense of gambling

A moral defense of gambling

by Andrew Russell
Wed 28 May 2025 at 18:19

Economist Andrew Russell explores the differences between community benefit and in-principle arguments for the existence of a legal gambling industry...

Face to face

Face to face

by Ben Blaschke
Wed 28 May 2025 at 18:08

Konami caught the eye at the recent G2E Asia show in Macau with its SYNK Vision Tables, which utilize facial...

Evolution Asia
Aristocrat
GLI
Mindslot
Mindslot
Solaire
Hann
Tecnet
Nustar
Jumbo

Related Posts

10 Years Ago – Reimagining Sri Lanka

Sri Lanka gazettes draft bill to establish Gambling Regulatory Authority

by Newsdesk
Sat 31 May 2025 at 06:03

A draft bill that would establish an official regulator for the Sri Lankan gaming industry, to be known as the Gambling Regulatory Authority, has taken another step forward after being gazetted. According to the Sri Lanka Mirror, the official announcement...

RGB International signs agreement to distribute KL Saberi and Atlas gaming machines

After record-breaking sales in 2024, Malaysia’s RGB sees 1Q25 profit fall to

by Newsdesk
Sat 31 May 2025 at 05:53

Malaysian gaming product distributor RGB International Bhd has reported group-wide revenue of MYR73.6 million (US$17.3 million) for the three months to 31 March 2025, down 65% year-on-year due to a lower number of products sold. The figure was also 79%...

Robert Goldstein to step aside as LVS Chairman and CEO from March 2026, replaced by Patrick Dumont

Robert Goldstein: Macau gaming market challenged by increased competition, online gambling and US-Sino trade war

by Ben Blaschke
Fri 30 May 2025 at 06:42

Las Vegas Sands (LVS) Chairman and CEO Robert Goldstein has bemoaned the lingering impact of the US-China trade war, as well as increased domestic and regional competition and the rise of online gambling across Asia for sustained flatness in the...

Industry hopes Thai Entertainment Complex Roundtable can establish “common ground” with those opposing legal casinos

Industry hopes Thai Entertainment Complex Roundtable can establish “common ground” with those opposing legal casinos

by Ben Blaschke
Fri 30 May 2025 at 05:38

Industry figures taking part in the Thai Entertainment Complex Roundtable (TECR) next Thursday 5 June hope to find common ground with those who oppose Thailand’s Entertainment Complex Bill, citing the opportunity to use an evidence-based approach to achieve outcomes that...



IAG

© 2005-2024
Inside Asian Gaming.
All rights reserved.

  • SUBSCRIBE FREE
  • NEWSFEED
  • MAG ARTICLES
  • VIDEO
  • OPINION
  • TAGS
  • REGIONAL
  • EVENTS
  • CONSULTING
  • CONTRIBUTORS
  • MAGAZINES
  • ABOUT
  • CONTACT
  • ADVERTISE

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Subscribe
  • Newsfeed
  • Mag Articles
  • Video
  • Opinion
  • Tags
  • Regional
  • Events
  • Contributors
  • Magazines
  • Advertise
  • Contact
  • About
  • Home for G2E Asia

© 2005-2024
Inside Asian Gaming.
All rights reserved.

  • English