The gambling world is on high alert after hackers breached the cybersecurity of casino giants MGM Resorts and Caesars Entertainment. In recent weeks, hackers attacked both operators.
Caesars reportedly paid the multi-million-dollar ransom while MGM is still fixing and securing some of its operations.
In Ohio, MGM Northfield Park, the only MGM location in the state, felt most of the pain. The racino suffered “minor issues,” like the facility’s website going down for a few days following the breach. But everything in Northfield is mostly back to normal.
The cyberattacks have increased concern over cybersecurity at Ohio casinos, sportsbooks and racinos. Customers want some assurance that their personal information is in good hands.
Each Ohio casino operator’s IT department responsible for cybersecurity
When a data breach happens like the one that affected MGM Northfield Park, there is plenty of blame to go around. In Ohio, each Ohio casino’s IT department is responsible for maintaining the quality, reliability, accuracy, security and integrity of all gaming-related computer systems.
On the other hand, the Ohio Casino Control Commission enforces state laws. That includes measures to ensure each regulated gambling facility uses effective measures to prevent attacks.
Jessica Franks is the Director of Communications for the OCCC. She says MGM is continuing to investigate the recent cybersecurity event and has been in contact with the commission.
Each Ohio casino and Ohio sportsbook has its own cybersecurity in place. However, Franks says there are additional safety measures each operator needs to take to keep customer information safe.
“Ohio sportsbook operators are required to maintain IT security insurance, and must also contract with an independent third party to conduct an IT audit within 90 days of initially commencing operations, and once each calendar year,” said Franks.
We know that MGM’s decision to shut down some of its systems was a preventative measure to protect sensitive data. In other words, just because MGM Northfield Park’s website went down doesn’t mean customer information was compromised.
Last week, MGM Northfield Park told PlayOhio it was only experiencing minor issues. According to a customer service representative, most of the problems were barely noticeable to customers, adding that there were “some issues with systems from time to time.” Also, after being down for a few days, The MGM Northfield Park website is once again fully operational.
Unlike most MGM properties, MGM Northfield Park is a racino. Meaning it only has slot machines and horse racing. Unlike the four Ohio casinos, it is overseen by the Ohio Lottery Commission.
Ohio state laws on casino and racino cybersecurity
Ohio casinos and racinos must follow a long list of rules and regulations to maintain good standing in the state. When it comes to cybersecurity, that falls on each individual operator, whether they are based in Ohio or not.
For example, each casino operator in Ohio must provide hardware and software for the exclusive use of the commission to facilitate access to the casino operator’s gaming-related systems from commission offices. Each operator must also give the commission a comprehensive list of all gaming-related computer systems.
The area where the gaming-related system servers and core components are located must be secured and access restricted to appropriate personnel. Any access made to the secured area must be logged. The log must be reviewed for accuracy and completion by a member of the IT department at least monthly.
These are just some of the things each operator needs to do to protect its data in Ohio. However, customers must understand there is always some inherent risk when visiting a gambling venue or using a gambling site.