The personal information of 10.6 million guests who stayed at MGM resorts hotels have been published on an online hacking forum.
According to a report by ZDNet, the data dump contains the personal details for 10,683,188 former hotel guests.
Exposed personal details include full names, home addresses, phone numbers, emails and dates of birth. MGM are “confident” that no financial information or password data had been exposed.
A MGM spokesperson told ZDNet that the data comes from security incident that took place last year: “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.”
Many of the impacted former guests include high-profile celebrities such as Justin Bieber, and Twitter founder Jack Dorsey. In addition, the personal details of reporters, government officials and employees at some of the world’s largest tech companies were exposed.
Upon being notified about the data dumb, MGM stated that it has notified all affected former guests in compliance with relevant state laws.
According to a report by BBC, 1,300 former guests were notified about more sensitive information including passport numbers had also been revealed, whilst 52,000 were informed that less sensitive personal information was exposed.
MGM Resorts has retained two cyber security firms to conduct an investigation into the exposure.
“At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” the company said.Despite being a sizeable incident, it has no comparison to the Marriott data breach 2017 which exposed approximately 339 million guest records.
The post #Privacy: Hack exposes 10.6 million MGM hotel guest data appeared first on PrivSec Report.