Casino operator MGM Resorts International said it was the victim of a data breach in 2019 after a report claimed that the details of more than 10.6 million hotel guests were exposed.
Technology website ZDNet reported about the incident late on Wednesday, saying that the personal details of more than 10.6 guests who stayed at MGM Resorts hotels were published on a hacking forum this week.
The leaked data files reportedly included personal details such as full names, home addresses, phone numbers, emails and dates of birth of the guests. However, no financial data was leaked.
According to the report, the leaked files also included personal and contact details for tech CEOs, celebrities, government officials and reporters.
Hacked information about Twitter CEO Jack Dorsey, pop star Justin Bieber, as well as DHS and TSA officials are said to be included in the list.
ZDNet said it verified the authenticity of the data with a security researcher from Under the Breach, a data breach monitoring service to be launched shortly.
According to various reports, a spokesperson for MGM Resorts confirmed the data breach. Last summer, the company discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of the company.
MGM Resorts spokesperson was quoted as saying that no financial, payment card or password data were involved in the incident, and the affected guests were notified.
The company also said that after it discovered the incident, it retained two cybersecurity forensic firms to help in an internal probe and upgraded the security of its network to prevent such breaches in the future.
In a similar incident, Marriott International revealed in November 2018 a data breach that contained information of up to 500 million guests.
For about 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
The information of some of the guests also included payment card numbers and payment card expiration dates, but the payment card numbers were encrypted.
Source: Read Full Article