Feb 20, 2020 - Technology

Massive MGM data breach: Guests' personal details posted on hacking site

 Facade with sign at the MGM Grand hotel in Las Vegas

The MGM Grand hotel in Las Vegas. Photo: Smith Collection/Gado/Getty Images

An MGM Resorts security breach last summer resulted in the personal details of 10.6 million guests published on a hacking forum this week, ZDNet first reported Wednesday.

Why it matters: Federal government employees and high-profile guests were affected by the breach, according to analysis by data breach monitoring service Under the Breach and ZDNet — including officials from the FBI, Department of Homeland Security and the Transportation Security Administration, Twitter CEO Jack Dorsey, Microsoft staffers and singer Justin Bieber.

  • Analysis of the data contained email addresses and phone numbers, along with full names, birthdates and addresses, per ZDNet.
  • "Hotel chains and travel companies have been a major target for Chinese espionage, in particular, because of the vast troves of data they store on American executives and government officials with security clearances," notes the New York Times, which pointed to the Marriott hotels breach of 2018.

What they're saying: MGM confirmed in a statement that it discovered "unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts." "We are confident that no financial, payment card or password data was involved in this matter," the statement said.

  • An MGM spokesman wouldn't go into specifics on affected guests, but he told Axios via email the "vast majority" of what was posted was information that can be found in the phonebook or via online search and that among the data were "many duplicates."

Go deeper: Cost of the average U.S. data breach tops $8 million

Go deeper