Nevada gaming commissioner wants answers about MGM, Caesars cyber attacks
Brian Krolicki, the newest member of Nevada's gaming regulator, appointed in February by Gov. Joe Lombardo (R), believes the commission, and possibly the public, are aware of casinos' recent Cybersecurity breaches that occur should be reported to operators of MGM Resorts International and Caesars Entertainment.
Croridge, a Republican who twice served as lieutenant governor and state treasurer, succeeded Commissioner Ben Kickhofer as Lombardo's chief of staff after leaving the agency.
Croridge said at the end of a nearly five-hour meeting of the Nevada Gaming Commission on Thursday that he wanted to hear more about the cyberattacks against MGM and Caesars. The attacks sparked global media coverage.
Information needed
MGM operations continue to be disrupted by a cyberattack on IT systems, believed to have been launched on September 10.
While most gaming and resort business has resumed, casino hotel rooms still cannot be reserved online and can only be changed by calling the hotel. MGM guests will also need to check in at the front desk to receive a physical room key, as digital access remains unavailable.
Caesars disclosed in a filing with the Securities and Exchange Commission that its Caesars Rewards loyalty program was hacked in August. Caesars paid a ransom in exchange for hackers agreeing to delete customer data. The reward is reportedly $15 million.
A cybercriminal gang called Dispersed Spiders claimed responsibility for both attacks. Beyond these details, the public knows little about cybersecurity incidents. Krolicki believes the committee deserves answers.
I think this is important and certainly insightful given recent events around cybersecurity and ransomware and the impact this has on our regulatory responsibilities. Krolicki said. "The top priority now is to recover and ensure the health of our customers and the security of our systems."
"But at some point, when we have the energy and understanding of what just happened, it would be helpful if we could get some sort of briefing on what happened," Kroritz continued.
The former lieutenant governor said the public should also be informed of these incidents if the information is appropriate for disclosure. Krolicki said the Nevada Gaming Control Board (NGCB), which is overseen by the Gaming Commission, should consider additional updated cybersecurity measures in hopes of preventing similar attacks in the future.
Reporting Guide
The Nevada Gaming Commission has required its licensed casinos to conduct an annual risk assessment of their cybersecurity systems. The state also requires licensees to report any data breach to the NGCB within 72 hours of becoming aware of the incident.
Krolitz wanted to know if MGM and Caesars could meet the deadline and get further answers to the many unknown questions.
There are a lot of questions and a lot of advertising. "This is a global story, and I think it's our job to properly deal with what's going on," Krolicki concluded.
Because Krolicki's comments were made during the public comment period of the commission meeting and were not part of the agenda item, Commission Chair Jennifer Togliatti said the commission "cannot take any action" on his request. The next meeting of the Nevada Gaming Commission will be held on October 4th.
Read also:
- Football 101: What is relegation in football?
- Boston Celtics center Kristaps Porzingis out for No. 1 team
- Los Angeles Rams trade running back Cam Akers to Minnesota Vikings
- Cirque du Soleil performer injured leg during Beatles show in Las Vegas
Source: www.casino.org