Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Lina Khan Got Stuck in the Fallout of the MGM Hack at Las Vegas (bloomberg.com) 51

Among the hotel patrons snarled in the fallout of MGM Resorts' cyberattack was -- unfortunately for the company -- one very high-profile figure: Lina Khan, the chair of the US Federal Trade Commission. Bloomberg News: On Tuesday night, she was among the 45 people waiting to check in at the MGM Grand along the Las Vegas strip as staff worked to manually fulfill everyone's reservation, according to people familiar with the matter. When Khan and her staff got to the front of the line, an employee at the desk asked them to write down their credit card information on a piece of paper.

As the leader of the federal agency that, among other things, ensures companies protect consumer data wrote down her details, Khan asked the worker: How exactly was MGM managing the data security around this situation? The desk agent shrugged and said he didn't know, according to a senior aide who was traveling with Khan and described the experience to Bloomberg as surreal. Khan was among the thousands of MGM hotel patrons inconvenienced in the aftermath of the hack, which was said to be orchestrated by a group of hackers known as Scattered Spider. Days after the incident, many of the company's websites -- including its reservation system -- were still displaying error messages, some slot machines at its casinos across the country are still out of service and employees were handling processes manually.

This discussion has been archived. No new comments can be posted.

Lina Khan Got Stuck in the Fallout of the MGM Hack at Las Vegas

Comments Filter:
  • Just curious, what were they doing in Vegas?

    • by UMichEE ( 9815976 ) on Friday September 15, 2023 @03:52PM (#63852046)

      Given that it says she was with staff, it was probably a conference. There's all kinds of conferences that happen in Vegas. My sister was just there for some sort of academic conference.

    • Just curious, what were they doing in Vegas?

      What Happens In Vegas ... Stays In Vegas.

  • Slot machines? (Score:3, Insightful)

    by XXongo ( 3986865 ) on Friday September 15, 2023 @03:52PM (#63852044) Homepage

    "...some slot machines at its casinos across the country are still out of service and ..."

    Wait, why are slot machines on the internet in the first place?

  • by BishopBerkeley ( 734647 ) on Friday September 15, 2023 @03:58PM (#63852064) Journal
    Another drawback of maximizing profits at the expense of the salaries and wages of your workforce is that you end up with workers who are unqualified or too overwhelmed to resist such social engineering.
    • OTOH you get the workers you pay for and train. If they feel valued and are paid well for their role they'll care but then again these types of attacks require
      constant vigilance.

  • Or should I say "emails of Marque" :)

    No, I'm not serious - there are good reasons the international community pretty much got rid of privateering in the 19th century [wikipedia.org].

    But still, it's fun to think about Congress authorizing "cyber-privateers."

    "The year was 2128, I wish I were in Berkeley now..." [stanrogers.net]

    • by HBI ( 10338492 )

      Privateering wasn't really gotten rid of; it was just regularized with the concept of the 'armed merchant cruiser'.

      With the start of effective blockade, one side at least had little use for its merchant fleet other than that.

  • MGM table rules are better then Caesars

    at MGM the the minimum bet goes up you are locked into the lower rate also on the face up pigow tables and others? playing 2 hands you just need to bet min on both and not X2 min like some other places.

  • They inconvenienced someone in power.

  • and did people ask how long they keep that info around the store / hotel / etc?

  • Why are you asking them about company policy? Maybe you should use your position to ask someone who could answer the question. Why do we appoint these useful idiots^h^h^h^h^h^h^h^h^h people?
    • "Why are you asking them about company policy?"\

      Because they are *implementing* the policy at the first point of contact. The front-desk clerk is intimately familiar with what the front-desk clerk was told to. Finding out what they were told to do and whether that was communicated in a way they could actually follow is the first step in finding out if there is an actual problem.

      For example: the front-desk clerk asked for the credit card info to be written down on a piece of paper. That sounds bad. But was

      • Then the higher-ups will say that isn't the official policy, fire the front-line worker, and tell you what you want to hear. A tale as old as time.
  • So the High Profile Individual learned that ... just like everyone else in this system ... they're treated the same. And then they get mad. Hilarious.

    Hackers don't discriminate...The systems that they kill are all vulnerable to their attacks unless and until we learn to treat data -- and each other -- better. But...no, this is not what will happen.

    What will happen is FTC will probably slap MGM. MGM will rebrand...And everyone involved will get a check for $1.13 (only usable on MGM slot machines) with free c

  • More proof that Khan is an idiot, or at least a "karen." Why would she expect a check-in clerk to know what the corporation is doing internally? Idiot.

    • Well, PCI compliance requires every employee with access to sensitive credit card information at a company adhering to PCI-compliant processes, so if the company's employees don't know the processes, there's a high probably of a PCI violation. PCI compliance failure can result in the loss of the privilege to process credit card payments, which would essentially result in overnight closure of the business. Companies that want to stay in business do not play around when it comes to PCI compliance.

  • I was hoping someone would have some good ideas for how the company SHOULD be handling the sensitive information, but all I've seen are dumb arguments about who's dumb for asking the only people they have access to about what they're doing to keep said PCI secure.

    My naive approach would be to keep a record of the individuals who have access to the information (clerks, supervisors, etc), like a chain of custody document, and store the information itself in a locked cabinet (as secure as possible, obviously y

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...