Posted on: September 22, 2023, 05:03h.
Last updated on: September 22, 2023, 05:04h.
Nevada Gaming Commissioner Brian Krolicki, who joined the state gaming regulatory in February, is pushing for transparency regarding the recent cyberattacks at MGM Resorts International and Caesars Entertainment casinos. Krolicki believes the commission and potentially the public should be informed about these cybersecurity breaches.
Krolicki, a Republican and former lieutenant governor and state treasurer, replaced Commissioner Ben Kieckhefer. He expressed his desire to learn more about the cyberattacks targeting MGM and Caesars during a five-hour meeting of the Nevada Gaming Commission. These attacks have garnered significant global media attention.
Info Sought
MGM’s operations continue to suffer from a cyberattack on its IT systems that began on September 10.
While most gaming and resort operations have been restored, online bookings for casino hotel rooms are still unavailable. Reservations can only be modified by phone, and guests must check in at the front desk to receive a physical room key due to the ongoing digital entry issue.
Caesars revealed through a filing with the US Securities and Exchange Commission that its Caesars Rewards loyalty program was targeted in August. The company paid a $15 million ransom to the hackers, who agreed to delete the stolen customer data.
Scattered Spider, a criminal cyber gang, has claimed responsibility for both attacks. However, limited information is available about these cybersecurity incidents, prompting Krolicki to call for answers from the commission.
Given the recent events surrounding cybersecurity and ransomware, it would be important and enlightening for the commission to be briefed on what happened. Right now, the priority is to recover and ensure the safety of patrons and systems,” Krolicki stated.
Krolicki added that if appropriate, the public should also be informed about these events. He believes the Nevada Gaming Control Board (NGCB), overseen by the Gaming Commission, should consider implementing updated cybersecurity measures to prevent future attacks.
Reporting Policies
The Nevada Gaming Commission already requires licensed casinos to conduct annual risk assessments of their cybersecurity systems. Additionally, licensees must report any data breaches to the NGCB within 72 hours of discovering the incident.
Krolicki wants to know if MGM and Caesars met the reporting deadline and seeks answers to several unknowns.
There are many questions and significant media attention surrounding these events. It’s a global story, and it would be beneficial for us to understand what happened,” Krolicki concluded.
Chair Jennifer Togliatti stated that since Krolicki’s request was made during the public comment period of the commission’s meeting and was not on the agenda, no action can be taken. The Nevada Gaming Commission’s next meeting is scheduled for October 4.