Someone robbed the MGM Grand last summer. Normally, you think of money when someone mentions robbing a casino. Movies like Ocean’s Eleven come to mind. However, the thieves didn’t steal money. They took the personal information of 10.6 million guests. If you stayed at the MGM Grand anytime before last summer, it probably includes you.

The Leak

Everything came to light when a data dump was published on a hacker forum earlier this week. It included personal information for an astonishing 10,683,188 guests. Those guests ranged from regular tourists to government officials, CEOs, and celebrities. It included Justin Bieber and Twitter CEO Jack Dorsey.

What personal information was included? Full names, home addresses, phone numbers, email addresses, and birthdates.

MGM Grand Leak Screenshot

Image by ZDNet

ZDNet reached out to people found in the file. They confirmed that they stayed at the MGM Grand and the accuracy of the data within the file. According to ZDNet, “We got confirmation from international business travelers, reporters attending tech conferences, CEOs attending business meetings, and government officials traveling to Las Vegas branches.”

Response from MGM Resorts

MGM responded almost immediately when asked about the leak. Within hours, MGM Resorts linked the data to a security incident in the summer of 2019.

“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter.”

-MGM security officials

MGM also says that they alerted affected guests at the time. No one seems to have any of these notifications. However, researchers found a few posts about the leak in various forums back in August of 2019.

Why Personal Information Leaks Matter

This type of data leak contains a wealth of information. Armed with this info, crafting email scams or spear-phishing emails becomes much easier. Someone could also hijack your phone number. From there, they can work on accessing your email and bank accounts.

“This is a great example of how these breaches and their fallout can continue to haunt businesses for quite some time,” said Adam Laub, CMO at STEALTHbits Technologies. “It’s likely MGM thought this incident was far in the rearview, but the value of their particular dataset continues to have appeal, despite its age and the potential staleness in certain spots.”

Does your organization utilize cloud services? Is cloud data secured properly? Do you have a data breach response plan? Don’t be like MGM Grand. Let Pit Crew IT Services help keep your data safe and secure. Request a free consultation today!

Get a FREE IT Consultation!

Start Now