Abstract
Cybersecurity is becoming increasingly important in the hospitality industry, particularly for large, integrated resorts that service a high volume of customers per year. Cyberattacks upon these venues results not only in loss of immediate revenue, but may also include disruption of operations, loss of customer trust, and damage to the resort’s brand name. The Las Vegas resort corridor on the Strip presents a unique environment in hospitality cybersecurity, in which the high concentration of integrated resorts renders this location a particular target for hackers. This case examines cyberattacks upon two high-profile Las Vegas integrated resort companies, MGM Grand and Caesars Entertainment, that occurred in 2023. The after-effects of each resort’s crisis management processes and remediation decisions are examined in detail. Implications for hoteliers and the hospitality industry are also discussed.
Get full access to this article
View all access options for this article.
References
1.
Ahn
J.
Back
K. J.
(2018 ). Integrated resort: A review of research and directions for future study . International Journal of Hospitality Management , 69 , 94 –101 .
2.
Bachmann
R.
Gillespie
N.
Priem
R.
(2015 ). Repairing trust in organizations and institutions: Toward a conceptual framework . Organization Studies , 36 (9 ), 1123 –1142 .
3.
Bozic
B.
(2017 ). Consumer trust repair: A critical literature review . European Management Journal , 35 (4 ), 538 –547 .
4.
Burgess
M.
(2020 ). What is GDPR? The summary guide to GDPR compliance in the UK . WIRED . https://www.wired.com/story/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018/
5.Caesars Entertainment, Inc . (2023 ). Form 8-K . https://www.sec.gov/ix?doc=/Archives/edgar/data/0001590895/000119312523235015/d537840d8k.htm
6.Carnegie Mellon University . (2023 ). Social engineering . Cmu.edu . https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html
7.
Caversan
F.
(2024 ). Cybersecurity and the AI arms race in a landscape of emerging threats . Forbes . https://www.forbes.com/councils/forbestechcouncil/2024/01/25/cybersecurity-and-the-ai-arms-race-in-a-landscape-of-emerging-threats/
8.Cerby . (n.d.). The state of employee trust: Zero trust is only for data, not employees-volume 1 . Cerby . https://www.cerby.com/
9.
Collier
K.
(2023 a). How effective are credit monitoring services? NBC News . https://www.nbcnews.com/tech/security/effective-are-credit-monitoring-services-rcna103372
10.
Collier
K.
(2023 b). Caesars entertainment says it was also a victim of a cyberattack . NBC News . https://www.nbcnews.com/tech/security/caesars-entertainment-says-was-also-victim-cyberattack-rcna105050
11.
Demirciftci
T.
Bilgihan
A.
Erdem
M.
Baloglu
S.
(2024 ). Examining the role of personality traits in guestroom technologies . Journal of Hospitality and Tourism Insights , 7 (1 ), 352 –370 .
12.Digicert (2024 ). 2024 state of digital trust report . Digicert.com . https://www.digicert.com/campaigns/digital-trust-survey
13.
Draper
D.
(2023 ). Regaining customer trust after a data breach—and the fallout if a company fails . Hospitality Technology . https://hospitalitytech.com/regaining-customer-trust-after-data-breach-and-fallout-if-company-fails
14.
Elphick
D.
(2024 ). Cyber security in the hospitality industry . SiteMinder . https://www.siteminder.com/r/cyber-security-hospitality-industry/#:~:text=In%20the%20hospitality%20industry%2C%20adhering,for%20safeguarding%20sensitive%20customer%20data
15.
Erdem
M.
Atadil
H. A.
Nasoz
P.
(2019 ). Leveraging guest-room technology: A tale of two guest profiles . Journal of Hospitality and Tourism Technology , 10 (3 ), 255 –268 .
16.
Erdem
M.
Cappiello
R. F.
(2022 ). 2022 lodging technology study: Redefining the guest experience . Hospitality Technology Magazine . https://hospitalitytech.com/2022-lodging-technology-study?from=gate
17.Forrester . (2023 ). Consumer trust: A key driver for business growth in 2023 . Forbes . https://www.forbes.com/sites/forrester/2023/06/29/consumer-trust-a-key-driver-for-business-growth-in-2023/?sh=3b8567197d8f
18.
Goswami
R.
(2023 ). MGM resorts says cyberattack could have material effect on company . NBC News . https://www.cnbc.com/2023/09/13/mgm-resorts-cyberattack-and-outage-stretches-into-third-day.html
19.
Goswami
R.
Brewer
C.
(2023 , September 15 ). Caesars paid millions in ransom to cybercrime group prior to MGM hack . CNBC . https://www.cnbc.com/2023/09/14/caesars-paid-millions-in-ransom-to-cybercrime-group-prior-to-mgm-hack.html
20.
Gros
R.
(2022 , August 1 ). The future of integrated resorts | Casino style magazine . Casino Style Magazine . https://casinostylemagazine.com/article/the-future-of-integrated-resorts/
21.
Herath
T.
Rao
H. R.
(2009 ). Protection motivation and deterrence: A framework for security policy compliance in organisations . European Journal of Information Systems , 18 , 106 –125 .
22.
Hertzfeld
E.
(2023 ). Report: 31% of hospitality organizations have had a data breach . Hotel Management . https://www.hotelmanagement.net/tech/report-31-hospitality-organizations-have-had-data-breach
23.
Hertzfeld
E.
(2024 ). 61% of consumers will spend more for personalized experiences . Hotel Management . https://www.hotelmanagement.net/data-trends/61-consumers-will-spend-more-personalized-experiences
24.HNN . (2020 , April 7 ). Timeline: The growing number of hotel data breaches . CoStar . https://www.costar.com/article/139958097/timeline-the-growing-number-of-hotel-data-breaches
25.
Hsu
H.
Tseng
K. F.
(2022 ). Facing the era of smartness: Constructing a framework of required technology competencies for hospitality practitioners . Journal of Hospitality and Tourism Technology , 13 (3 ), 500 –526 .
26.ISS Insights . (2023 ). MGM cyber breach: Rethinking the odds . ISS Insights . https://insights.issgovernance.com/posts/mgm-cyber-breach-rethinking-the-odds/
27.Keepnet Lab . (2023 ). Unraveling the MGM resorts cyberattack—a comprehensive analysis . LinkedIn . https://www.linkedin.com/pulse/unraveling-mgm-resorts-cyberattack-comprehensive-analysis/
28.
Kelleher
S.R.
(2022 ). Data breach takes down IHG hotel group booking system, impacting Holiday Inn, Kimpton And More . Forbes . https://www.forbes.com/sites/suzannerowankelleher/2022/09/07/data-breach-ihg-hotel-booking-holiday-inn-kimpton/?sh=a84a6eb69fa1
29.
Khatri
M.
(2023 , August 2 ). The human element is the weakest link in cybersecurity . LinkedIn . https://www.linkedin.com/pulse/human-element-weakest-link-cybersecurity-mousam-khatri/
30.
Kottapalli
P.
(n.d.). Check please! how restaurant, retail and hospitality businesses are managing cybersecurity risks . FreedomPay . https://corporate.freedompay.com/wp-content/uploads/2021/11/CyberSecurity_FreedomPayCornell_WhitePaper_Final.pdf
31.
Lapienyte
J.
(2022 ). Twilio data breach: It all started with a vishing phone call . Cybernews . https://cybernews.com/news/twilio-breach-vishing/
32.
Langeland
J.
(2023 ). GDPR in the US: Compliance simplified for businesses . Termly . https://termly.io/resources/articles/gdpr-in-the-us/
33.
Law
M.
(2023 ). Trustwave report on hospitality industry security threats . Cybermagazine.com . https://cybermagazine.com/articles/trustwave-report-on-hospitality-industry-security-thre ats
34.
Lepe
B.
(2023 , March 14 ). Council post: From zero trust to employee trust: A new approach to cybersecurity . Forbes . https://www.forbes.com/sites/forbestechcouncil/2023/03/13/from-zero-trust-to-employee-trust-a-new-approach-to-cybersecurity/?sh=47a510a6277c
35.
Li
D. K.
(2023 ). Las Vegas still struggling against hackers as the weekend arrives . NBC News . https://www.nbcnews.com/news/us-news/las-vegas-mgm-cyberattack-hackers-weekend-rcna105337
36.
Li
L.
He
W.
Xu
L.
Ash
I.
Anwar
M.
Yuan
X.
(2019 ). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior . International Journal of Information Management , 45 , 13 –24 .
37.
Ludynia
A.
(2024 , June 27 ). The Dark Side of Data: How PMS providers should handle your guest’s information . Hospitalitynet . https://hospitalitynet.org/opinion/4122615.html
38.Las Vegas Convention and Vistors Authority (LVCVA) . (n.d.). Historical Visitor Statistics: 1970–2023 . LVCVA . https://res.cloudinary.com/simpleview/image/upload/v1709245093/clients/lasvegas/Las_Vegas_Historical_1970_to_2023_955bc042-3fec-40a3-a91b-a24533f6ae5f.pdf
39.Oracle . (2024 ). Hospitality in 2025: Automated, intelligent…and more personal . Skift and Oracle Hospitality . https://www.oracle.com/hospitality/hospitality-in-2025-report/
40.
Manson
K.
Tarabay
J.
(2023 ). MGM resorts says it shut down some systems after cyberattack . Bloomberg . https://www.bloomberg.com/news/articles/2023-09-11/mgm-resorts-says-it-shut-down-some-systems-following-cyberattack
41.
McCarthy
K.
(2024 , April 8 ). Cybersecurity expert shares what guests, hotels should know in wake of Omni breach . ABC News . https://abcnews.go.com/GMA/Travel/cybersecurity-expert-shares-guests-hotels-wake-omni-breach/story?id=109001411
42.
Morrison
S.
(2023 ). MGM cyber attack: How a phone call may Have led to the ongoing hack . Vox . https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware
43.
Murphy
M.
(2023 ). MGM hackers waited for days before issuing their ransom demands . Insurance Journal . https://www.insurancejournal.com/news/national/2023/10/13/744088.htm
44.
Page
C.
(2022 ). Hotel giant IHG blames cyberattack for booking systems outage . TechCrunch . https://techcrunch.com/2022/09/07/ihg-hotels-outage-cyberattack/?guccounter=1
45.
Perlroth
N.
Tsang
A.
Satariano
A.
(2018 ). Marriott hacking exposes data of up to 500 million guests . The New York Times . https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html
46.
Powell
O.
(2022 a). IOTW: Marriott international suffers latest in series of data breaches . Cyber Security Hub . https://www.cshub.com/attacks/news/iotw-marriott-international-suffers-latest-in-series-of-major-data-breaches?trk=article-ssr-frontend-pulse_little-text-block
47.
Powell
O.
(2022 b). IHG booking systems disrupted in cyber attack . Cyber Security Hub . https://www.cshub.com/attacks/news/ihg-booking-systems-disrupted-in-cyberattack?trk=article-ssr-frontend-pulse_little-text-block
48.
Powell
O.
(2023 c). A full timeline of the MGM resorts cyber attack . Cyber Security Hub . https://www.cshub.com/attacks/news/a-full-timeline-of-the-mgm-resorts-cyber-attack
49.
Prabhu
B. A.
Dani
R.
Bhatt
C.
(2023 ). A study of the challenges faced by the hotel sector with regards to cyber security . In
Vats
S.
Sharma
V.
Singh
K.
Gupta
A.
Bordoloi
D.
Garg
N.
(Eds.), Automation and computation (pp. 284 –294 ). CRC Press .
50.
Refati
R.
(2023 ). The dark roulette a timeline of cyberattacks on Casinos 2023 . Cyberwarzone . https://cyberwarzone.com/the-dark-roulette-a-timeline-of-cyberattacks-on-casinos-2023/#2014_Las_Vegas_Sands_%E2%80%93_The_40_Million_Catastrophe
51.
Reichheld
A.
Dunlop
A.
(2022 ). 4 questions to measure—and boost—customer trust . Harvard Business Review . https://hbr.org/2022/11/4-questions-to-measure-and-boost-customer-trust
52.Reuters . (2023 ). Casino giant MGM expects $100 million hit from hack that led to data breach . CNN . https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html
53.
Ritter
K.
(2023 ). MGM resorts computers back up after 10 days as analysts eye effects of casino cyberattacks . AP News . https://apnews.com/article/vegas-mgm-resorts-caesars-cyberattack-shutdown-a01b9a2606e58e702b8e872e979040cc
54.
Ryder
B.
(2018 ). Getting a handle on a scandal . The Economist . https://www.economist.com/business/2018/03/28/getting-a-handle-on-a-scandal
55.
Sabin
S.
, (2023 , September 14 ). Caesars entertainment is latest casino chain to confirm it was hit by a cyberattack . Axios . https://www.axios.com/2023/09/14/caesars-entertainment-is-latest-casino-chain-to-confirm-it-was-hit-by-a-cyberattack
56.
Sampson
A.
(2023 , October 12 ). After cyberattacks crippled casino companies, how vulnerable is Las Vegas? Las Vegas Weekly . https://lasvegasweekly.com/news/2023/oct/12/after-cyberattacks-how-vulnerable-is-las-vegas/
57.
58.
Saraf
S.
Soinski
D.
(2022 ). The future of resorts, gaming and entertainment is closer than you think . jpmorgan.com/payments . https://www.jpmorgan.com/content/dam/jpm/treasury-services/documents/jpm-digital-transformation-resorts-gaming-entertainment.pdf
59.
Schappert
S.
(2023 a). Caesars ransom attack linked to MGM, tens of millions paid to hackers . Cybernews . https://cybernews.com/security/caesars-palace-mgm-ransomware-attack-confirmed/
60.
Schappert
S.
(2023 b). MGM says its recovered from cyberattack, employees tell different story . Cybernews . https://cybernews.com/news/mgm-touts-cyber-attack-recovery-on-track-employees-tell-different-story/#:~:text=MGM%20Resorts%20says%20all%20its,keeping%20them%20in%20the%20dark
61.
Schaal
D.
(2023 , December 5 ). Hackers target Booking.com partners with dark web ads to steal from Customers . Skift . https://skift.com/2023/12/05/hackers-target-booking-com-partners-with-dark-web-ads-to-steal-from-customers/
62.
Schappert
S.
(2023 c). Titans in crisis: Unraveling the MGM and Caesars ransomware timeline . Cybernews . https://cybernews.com/security/mgm-caesars-ransomware-attack-timeline/
63.Securestay . (2020 ). The history of hotels cyber attacks . Medium . https://securestay.medium.com/the-history-of-hotels-cyber-attacks-4b6a09c8bf30
64.Security Magazine . (2024 ). 66% of consumers would not trust a company following a data breach . Securitymagazine.com . https://www.securitymagazine.com/articles/100296-66-of-consumers-would-not-trust-a-company-following-a-data-breach
65.
Seger-Guttmann
T.
Gilboa
S.
(2023 ). The role of a safe service environment in tourists’ trust and behaviors–the case of terror threat . Journal of Hospitality and Tourism Management , 55 , 187 –197 .
66.Shred-it . (2018 ). Information security trends & analysis . Shred-it . https://www.shredit.com/en-us/resource-center/original-research/security-tracker-2018?utm_source=Press-Release&utm_medium=Media&utm_campaign=DPR2019&utm_content=byline-hospitality-technology
67.Shred-it . (2020 ). Shred-it data protection report . Shred-it Data Protection Report . https://www.shredit.com/content/dam/shred-it/global/documents/Shred-it_2020-Data-Protection-Report_US.pdf.coredownload.inline.pdf
68.SimplifIT . (2023 , August 28 ). How cyber attacks affect your employees . LinkedIn . https://www.linkedin.com/pulse/how-cyber-attacks-affect-your-employees-simplifit-llc/
69.
Singh
A. J.
Kasavana
M. L
. (2005 ). The impact of information technology on future management of lodging operations: A Delphi study to predict key technological events in 2007 and 2027 . Tourism and Hospitality Research , 6 (1 ), 24 –37 .
70.
Smith
M.
Ceni
A.
Milic-Frayling
N.
Shneiderman
B.
Mendes Rodrigues
E.
Leskovec
J.
Dunne
C.
(2010 ). NodeXL: A free and open network overview, discovery and exploration add-in for Excel 2007/2010/2013/2016 from the Social Media Research Foundation . https://www.smrfoundation.org
71.
Stutz
H.
(2023 ). After MGM and Caesars hacks, cybersecurity experts warn “anybody is vulnerable.” The Nevada Independent . https://thenevadaindependent.com/article/after-mgm-and-caesars-hacks-cybersecurity-experts-warn-anybody-is-vulnerable
72.
Robinson
B.
(2021 , September 7 ). New study shows a lack of trust between employees and employers . Forbes . https://www.forbes.com/sites/bryanrobinson/2021/09/05/new-study-shows-a-lack-of-trust-between-employees-and-employers/?sh=66032f02395b
73.
Rosencrance
L.
(2020 ). Two-factor authentication (2FA) . TechTarget Security . https://www.techtarget.com/searchsecurity/definition/two-factor-authentication
74.
Ross
M.
(2023 ). MGM, Caesars face class-action lawsuits over cyberattacks . Las Vegas Review-Journal . https://www.reviewjournal.com/business/casinos-gaming/mgm-caesars-face-class-action-lawsuits-over-cyberattacks-2910637/
75.
Ter Huurne
M.
Ronteltap
A.
Corten
R.
Buskens
V
. (2017 ). Antecedents of trust in the sharing economy: A systematic review . Journal of Consumer Behaviour , 16 (6 ), 485 –498 .
76.
Tidy
J.
(2022 ). IHG hack: “Vindictive” couple deleted hotel chain data for fun . BBC News . https://www.bbc.com/news/technology-62937678
77.Tsaaro Consulting . (2023 , November 3 ). Data privacy & hospitality industry . LinkedIn . https://www.linkedin.com/pulse/data-privacy-hospitality-industry-tsaaro-zqvxf/
78.
Turton
W.
(2023 , September 14 ). Caesars entertainment paid millions to hackers in attack . Yahoo! Finance . https://finance.yahoo.com/news/caesars-entertainment-paid-millions-ransoms85252473.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuYXhpb3MuY29tLw&guce_referrer_sig=AQAAAJ5TiurVG-1BwV9CPYgI2ibhnyCY0vaYysK8cXaKUkJw3moJbBcGics4o6epEiTZQqtBDhLSNyzcy66POZymu-goI9heedrx72v24ILXJJZSKzXgI3plU1fp_7yeENUXb251MGVj76e0C2TwRFAjgGeUlbQSYgFAn26w39ijzSSe
79.
Walocko
L. A.
(2021 ). Data analytics in hotel and integrated resort brands: An evaluation of past literature and proposed research for the future [UNLV theses, dissertations, Professional Papers, and Capstones]. 4333 .
80.
Walters
J.
(2023 ). Experts on how hoteliers can prevent cyberattacks . HotelDive . https://www.hoteldive.com/news/hotels-cyberattack-security/694590/
81.
Wainstein
L.
(2018 ). Data security in hospitality: Risks and best practices . EHL Holding SA . https://hospitalityinsights.ehl.edu/data-security-in-hospitality-best-practices
82.
Wolff
J.
(2023 , October 20 ). How hackers swindled Vegas: And walked away with one of the biggest ransom payments in history . Slate Magazine . https://slate.com/technology/2023/10/mgm-caesars-casinos-vegas-hacks-ransomware-gambling.html
83.
Zou
Y.
Meng
F.
(2020 ). Chinese tourists’ sense of safety: Perceptions of expected and experienced destination safety . Current Issues in Tourism , 23 (15 ), 1886 –1899 .
Supplementary Material
Please find the following supplemental material available below.
For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.
For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.
0.00 MB
0.96 MB