More than 10 million MGM hotel guests had their personal information leaked online this week, according to ZDNet.Full names, addresses, phone numbers, emails, and birthdays were exposed, but MGM told Business Insider that no payment information was compromised.MGM said it discovered the data breach last summer and notified customers who were impacted based on state laws. Justin Bieber, Jack Dorsey, and US government officials were reportedly among those whose data was leaked.Visit Business Insider’s homepage for more stories.
The personal information of more than 10.6 million MGM Resorts guests was posted onto a hacking forum on Wednesday, according to ZDNet. Those impacted included celebrities, reporters, government officials, tech CEOs, and employees, according to ZDNet.ZDNet reported that they were informed of the posted information by a company called Under the Breach and that the two organizations worked together to verify the leaked information. Full names, home addresses, phone numbers, emails, and birthdays of 10,683,188 people who had previously stayed at a MGM hotel were included in the leaked files, according to ZDNet’s report.MGM told the outlet that the information was older, and ZDNet confirmed that none of the guests they spoke to in order to confirm the data had stayed at a hotel after 2017.
A spokesperson from MGM said they couldn’t confirm the number of people whose information was stolen.Among those whose information was leaked were high profile individuals like pop-star Justin Bieber and Twitter CEO Jack Dorsey, as well as officials from the Department of Homeland Security and the Transportation Security Administration, according to ZDNet.Twitter declined to comment on whether Dorsey’s information was compromised.MGM declined to confirm any specific individuals impacted by the breach, but said it had notified customers “as applicable by state law.” They also said that most of the information would be considered “phone book” information, meaning it can be easily found in a phone book or through a google search, and most states do not require people be notified when that information is released. The site Under the Breach came across the leaked files on an online forum commonly used by hackers, the company told Business Insider in a Twitter message. A researcher then cross-referenced the information with publicly available data and emails that had been exposed in previous breaches, they said. ZDNet and Under the Breach also confirmed with several individuals whose information appeared in the leaked files that they had indeed stayed at MGM hotels during the time period in question.
The release of information stemmed from a breach on a cloud server that was discovered last summer. A spokesperson for MGM told Business Insider it is confident that no financial information was stolen.Upon discovering the issue, MGM said they got two leading cybersecurity forensics firms to help them with an internal investigation, review and find a solution. “At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” the spokesperson told Business Insider.