Teen Arrested in the UK for MGM Resorts Hack

In 2023, MGM Resorts International experienced a significant cyber attack that disrupted their automated services, negatively impacted their third-quarter earnings, and compromised the personal information of millions, including Federal Trade Commission Chair Lina Khan. Khan's involvement in a lawsuit against MGM is partially attributed to her personal data being leaked during a stay at an MGM property in September 2023.

Arrest of Teen Linked to MGM Hack

Authorities in the United Kingdom have arrested a 17-year-old in connection with the MGM cyber attack, which has been linked to the notorious hacking groups Scattered Spider and ALPHV. These groups have a history of executing damaging cyber assaults on both private and public sector organizations, amassing substantial ransom payments over the years.

The arrest, which took place in Wallsal, UK, was conducted by the Regional Organised Crime Unit for the West Midlands with support from the UK’s National Crime Agency and the US Federal Bureau of Investigation. The suspect has since been released on bail. This collaborative effort with MGM Resorts International marks a significant step in the ongoing investigation.

Law Enforcement's Response to Cyber Threats

This arrest demonstrates the growing capability of law enforcement to address and mitigate ransomware attacks, highlighting the potential to hold cybercriminals accountable. Although the suspect has not been formally charged, the global effort to track down individuals involved in the MGM hack illustrates that even well-organized groups like Scattered Spider are not beyond the reach of the law.

Impact and Ongoing Challenges of the MGM Hack

The cyber attack on MGM Resorts International affected ten properties across the United States. The disruptions included credit card processing failures, outages of the company’s website and app, non-functional in-casino ATMs, and disabled hotel room key cards, leading to significant customer dissatisfaction.

Detective Inspector Hinesh Mehta of the ROCU emphasized the gravity of ransomware threats, noting that these cyber groups have successfully extorted large sums of money from numerous global organizations. Despite the serious nature of these threats, law enforcement advises companies to contact authorities and avoid paying ransoms to hackers.

This is not MGM Resorts International's first encounter with cybercriminals. In 2019, the company faced a similar incident that exposed the personal data of 10.6 million individuals. The ongoing threat of cyber attacks from groups like Scattered Spider continues to drive efforts to bolster cybersecurity measures and educate both businesses and government entities on how to protect against these persistent threats.