Breach Brief – MGM Resorts

Breach Brief – MGM Resorts

Have you stayed at an MGM Resorts hotel lately? Well it appears you may have lost something more than just money. You may be one of 10.6 million customers caught up in the latest massive data breach.

The personal information of more than 10.6 million MGM guests were discovered posted on a hacking forum. According to ZDNet it has confirmed the data’s authenticity. ZDNet said the data stash contains guest’s full names, home addresses, phone numbers, emails and dates of birth. Names among the information include tech CEOs, celebrities, government officials, reporters and possibly yours.

MGM Resorts said in statement that it had already notified affected customers about the breach last year. The company has also commissioned two cybersecurity forensics firms to investigate the incident. The firms were not named. When the breach occurred and during what time frame is still not clear.

However, MGM Resorts management team told the publication that it was able to trace the leaked data back to a security breach that took place last year. According to MGM last summer it discovered an unauthorized entry to a cloud server that housed some information for “certain previous guests” to its hotels.

A company spokesperson emphasized that the MGM is confident “no financial, payment card or password data was involved in this matter.” Under the Breach, a breach monitoring company, told ZDNet the leaked information is enough to make guests vulnerable to spear phishing attacks and SIM-swapping schemes. Details from the breach have been added to the Have I Been Pwned database, and you can register there for a notification of whether your email address is among those included.