Hackers have posted on an underground forum the personal information of 10.6 million MGM Resorts guests, ZDNet reports.
The exposed information includes full names, home addresses, phone numbers, emails and dates of birth, according to the report, which claims the authenticity of the data has been verified with the help of a yet-to-be-launched monitoring firm called Under the Breach.
On Thursday 13th February 2020, a MGM Resorts spokesperson confirmed to Information Security Media Group that the company was hit by a data breach in the summer of 2019, when attackers accessed a “cloud server” that contained some details about guests who had visited the company’s hotels and resorts.
“We are confident that no financial, payment card or password data was involved in this matter,” the spokesperson tells Information Security Media Group. “MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws. Upon discovering the issue, the company retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue.”
How the breach happened and what specific cloud-based systems were targeted is not known.