In September, a sophisticated cyberattack targeting MGM Resorts knocked critical systems offline for days, allegedly costing the company over $100 million and preventing customer access to rooms, gambling winnings, restaurants, and other functions at MGM properties. Cybercriminals also appeared to exfiltrate sensitive data and encrypt company systems. The disruption sparked outrage online, as confused guests turned to the internet for answers. While MGM has not disclosed exact figures, the shutdown could impact its bottom line and reputation for years.

The stakes are high for casinos like MGM. In the hours following the cyberattack, confusion turned to distrust as rumors scaled quickly across the internet. Blackbird.AI explored the online narratives around the MGM attack to understand the stories being propagated online and how they impact the business and reputation. Using narrative discovery in Constellation, our AI-driven Narrative Intelligence Platform, we analyzed how the conversation developed across the internet and how narratives about the attack can rapidly develop, metastasize, and damage brands. 

This is a Constellation visualization of online conversations mentioning MGM during the cyberattack. The node in the middle is MGM, interconnecting with narratives.

Using narrative discovery techniques, we used Constellation to surface the conversation around narratives damaging to MGM. The application's activity graph showed a rapid increase in narrative activity from September 10 to September 14. We then examined the daily conversation and found that the narratives became increasingly risky to the MGM brand as additional high-engagement users encouraged alternative casino choices and amplified criticism of MGM daily.

A significant set of narratives MGM faced were focused on ‘operational challenges’ and how the attack resulted in ‘confusion’ and ‘chaos.’ One narrative, for example, received thousands of engagements. This narrative started small and was picked up and amplified by the media and reinforced with comments from the general public reporting their personal experiences. When the media picked up the narrative, the corresponding coverage prompted a secondary narrative where users encouraged others to divert their attention and choose an alternative casino. We also identified a related conspiratorial narrative where users harbored suspicions of a potential cover-up due to what some perceived as minimal communication from MGM and the corresponding media coverage of the event.

Another narrative focused on MGM paying the ransom. While competitor Caesars Entertainment reportedly paid a ransom demand to restore its systems after a recent cyberattack, MGM held off, a decision that provoked narratives contrasting the two brands. Narratives included themes around Caesars properties being back up and running normally just days after the attack, while MGM properties' slot machines and critical hotel systems remained offline. Supporters contend that MGM took an ethical stand by refusing to pay, but detractors argue the company put profits over customer convenience. The episode illustrates the dilemma ransomware victims face and the ripple effects of the narrative attacks that often follow cyberattacks.

Here are other significant narratives among hundreds that emerged from the MGM cyberattack:

  • The fear that nothing was impenetrable. 
  • If MGM can be hacked, what other casinos can be hacked?
  • Losing faith in financial institutions and withdrawing cash from the bank. 
  • Fear that if casinos could be attacked, so too can elections. 
  • The Russians and Chinese are gearing up to hack US companies and institutions. 
  • There is a spill-over effect that could create third-party risk to brands the company has a relationship with.

Activity graph of tens of thousands of engagements generated daily creating narratives based on the cyberattack facing MGM.

These narratives demonstrate that the MGM attack had far-reaching consequences for other institutions and an overall erosion of trust. The cyberattack on MGM Resorts serves as a cautionary tale for any organization. As this incident shows, a data breach or system outage doesn't just result in immediate disruption and financial losses. The damage to brand reputation and public trust can linger long after the technical issues are resolved. 

For organizations that rely heavily on customer perception and loyalty, a cyberattack risks losing revenue and customers for the long haul. For businesses in competitive industries like hospitality and gaming, falling victim to a significant cyberattack could mean permanently losing ground to rivals in the court of public opinion. This makes having robust cybersecurity measures and incident response plans imperative. Equally important is having a narrative intelligence strategy that prepares the organization for narrative attacks, so that cybersecurity, crisis communication, and marketing teams can make better strategic decisions to help protect the company and its customers.

Anne Griffin and Beatrice Titus
About Blackbird.AI
Blackbird.AI helps organizations detect and respond to threats that cause reputational and financial harm. Powered by their AI-Driven Narrative & Risk Intelligence Constellation Platform, organizations can proactively understand risks and threats to their reputation in real time. Blackbird.AI was founded by a team of experts from artificial intelligence and national security, with a mission to defend authenticity and fight narrative manipulation. Recognized by Forrester as a "Top Threat Intelligence Company," Blackbird.AI's technology is used by many of the world's largest organizations for strategic decision making.

