Millions of MGM Resorts Customers Have Their Personal Data Compromised

MGM Resorts, one of the largest casino resort chains in Las Vegas, was hit by a group of cybercriminals who hijacked the personal and contact information of millions of hotel guests. Among those affected are celebrities, members of the chain’s staff, reporters, and even government officials.

Jack Dorsey, Chief Executive Officer of the social networking service Twitter and pop singer Justin Bieber are reportedly also affected by the breach. The stolen information included the details of Stephen Paddock, the infamous Mandalay Bay gunman who killed over fifty people during a mass shooting in October 2017 before he shot himself.

The information the hackers stole includes the guests’ full names, birth dates, residence addresses, emails, and telephone numbers. It appears the guests’ banking details have not been compromised by the cybercriminals.

The hackers shared the stolen information on an online hacking forum earlier this week. It is not yet clear which properties of the chain were affected by the hacker attack. With that said, MGM has a solid presence on the Las Vegas Strip, with major luxury casino resorts like the Bellagio, Mandalay Bay, Aria, and MGM Grand.

Representatives of the casino resort chain confirmed they first noticed there was unauthorized access to one of MGM’s cloud servers in the summer of 2019. A spokesperson for MGM Resorts commented on the incident, explaining the data leaked on the forum does not include financial details such as card numbers or passwords.

Security Experts Suggest the Attack May Be a Diversion Technique

Potentially affected customers have been informed about the hack in line with the applicable state laws, the spokesperson assured. When the unauthorized access to the cloud server was first discovered, the casino resort chain hired the services of two cybersecurity firms to investigate the issue. MGM assures it has taken all the necessary steps to enhance its network’s security to prevent similar attacks from happening in the future.

According to Sam Curry from the cybersecurity technology company Cybereason, the MGM hack may be a diversion for a more sophisticated attack that targets the personal information of key government figures and law enforcement leaders.

He stressed that while for most of the 10.6 million affected individuals, the leaked information was limited to names, addresses, phone numbers, and birth dates, around 1,300 of the affected also had their personal ID details stolen. For some people, this included military ID cards and driver’s licenses.

Mr. Curry said that it was early to draw any definite conclusions but there was still a possibility the hack may be used as a smokescreen to cover more strategic attempts to gain access to government and law enforcement information.

Lou Rabon, the founder and Chief Executive of another security company, the Cyber Defense Group, also commented on the breach, insisting that major companies like MGM must exercise constant vigilance when it comes to cybersecurity. He added the incident could reflect poorly on the company’s reputation.

COMMENTS