At Borgata, it’s cash only, no comps or credit cards, after MGM cyber attack

Adam Lorber has been visiting the Borgata once a month for more than a decade. But he won’t be making the trip this week.

The 50-year-old Long Island resident canceled his three-night stay, which had been set to begin Wednesday, due to the cyber attack that disabled some electronic systems at the Atlantic City casino resort and other MGM properties nationwide.

The situation at the Borgata sounds like “a total disaster,” he said, with guests unable to use credit cards or comps on the casino floor or at restaurants and other venues.

Most of all, though, he said, he’s concerned about his personal information.

“I’m a loyal customer of Borgata,” he said, “but it’s shaken my confidence in them.”

All of MGM’s 19 U.S. hotels, including the Bellagio and Mandalay Bay in Las Vegas, have been impacted by Sunday’s attack. Guest have reported on social media that slot machines, ATMs, restaurants, and digital hotel room keys have been affected.

At the Borgata on Wednesday, signs around the resort, including at restaurants, read: “All outlets can only accept cash payments until further notice.”

The website for the resort was down, showing only a brief message that directed customers to make restaurant reservations on a third-party site and go to Ticketmaster.com for event tickets. On the page, the hotel also said it would waive cancellation or change fees from Wednesday through Sunday. People calling the Borgata on Wednesday were greeted with an automated message, saying it was experiencing technical issues and encouraging customers to call back later.

A ransomware group known as BlackCat took responsibility for the attack, Forbes reported Wednesday, citing VX-Underground, a malware research group that cybersecurity experts consider reputable. Forbes reported that the attack took 10 minutes and involved a hacker identifying an MGM IT support employee on LinkedIn and then calling the company’s help desk.

MGM Resorts International, which did not respond to requests for comment by The Inquirer, said Monday in a statement that it was dealing with a “cybersecurity issue affecting certain of the company’s systems.” The company said it had initiated an investigation right after detecting the problem, and was working with cybersecurity experts, as well as law enforcement. MGM was also “taking steps to protect our systems and data, including [by] shutting down certain systems.”

Later that day, the company followed up with another statement in which it assured guests that MGM resorts, including the restaurants, gaming, and entertainment they offer, were “currently operational.”

“Our guest remain able to access their hotel rooms,” MGM said, “and our front desk staff is ready to assist our guests as needed.”

As Alex and Jenny Parks headed home to Baltimore on Wednesday after a long weekend at the Borgata, they had a largely positive outlook on their stay.

“It is not chaos,” said Alex Parks, 28, as the couple packed up their car in a hotel parking lot.

They had overheard other guests saying that their room keys didn’t work and that they couldn’t call down to the front desk, they said, and the slot machines weren’t taking cards.

The couple took the inconveniences in stride: They said they had no issue gambling with cash, and noted that the ATMs were fully stocked and operational, just with the sting of a $6.99 fee.

On the casino floor, John Garner, 57, of Birmingham, Al., said his stay had been less than ideal.

“It’s been miserable,” he said, as he played at the Huff N’ More Puff slot machine inside the casino. “You couldn’t even cash out.”

His main concern, he said, was whether the money he’d spent in cash would be applied to his loyalty card for future rewards. He had been unable to use comps to pay for meals, and had heard no word from MGM about being compensated for that out-of-pocket expense. His hotel room and flight had already been comped from a promotion, he said.

Borgata employees did not say anything about the attack during check-in, Garner said. He first found out about the computer issues when he tried to cash out of his slot machine.

”The only time they told us was when we couldn’t get any money out of the machine,” he said. “They had to come around and write out a slip to take to the cashier. We had to sit for an hour waiting.”

After that, he went up to his room, he said, and called it a night.

“We have no choice,” but to stay, Garner said. “Our plane doesn’t leave until tomorrow.”

Meanwhile, Lorber, who has been a Borgata regular for a decade, is waiting to reschedule his monthly trip until he learns more about the cyber attack.

“It’ll be interesting to see what the strategy is after they fix this finally. How are they going to gain trust back?” Lorber said. “I might start thinking about going to the Caesars properties — Tropicana or Harrah’s or Caesars — until I’m sure everything is OK.”