MGM Resorts admits hackers exposed personal data of over 10 million guests

“At MGM Resorts, we take our responsibility to protect guest data very seriously.”

An MGM statement about a very serious security breach

mtcurado/iStock Unreleased/Getty Images

In 2019, one of America's most famous casino and hotel operators, MGM Resorts, became the victim of a breathtakingly massive data breach, according to an exclusive report by from ZDNet.

This nightmare for MGM Resorts clearly isn't over as the personal information belonging to 10.6 million former hotel guests was dumped on a hacking forum this week, per the report. The company confirmed the unauthorized access to ZDNet, which verified the data with Under the Breach, a group that monitors breaches.

Very personal data — Sensitive information like home addresses, dates of birth, full legal names, and more related to 10,683,188 former hotel guests was exposed in the data dump, including guests with names like Jack Dorsey and Justin Bieber.

What MGM says — According to The New York Times, MGM Resorts acknowledged the breach in an official statement only after the ZDNet report went live. "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts," the official statement read. "We are confident that no financial, payment card or password data was involved in this matter."

MGM Resorts said that it acted quickly to notify affected guests last year. Although it didn't reveal who accessed the data, the company claimed that it cooperated with law enforcement authorities for a thorough investigation. "At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again," the company officially stated.

Why MGM? — Although MGM Resorts claims that the guests' financial information and password details weren't compromised in the breach last year, the ZDNet report is a disturbing confirmation that hospitality and credit businesses are still prime targets for hackers. After all, these enterprises carry treasure troves of sensitive data on high-ranking figures within government, tech, finance, and entertainment sectors.

In 2018, for example, the Marriott International publicly acknowledged that a data breach in 2014 may have exposed the information of 383 million guests. In 2017, a massive breach at Equifax revealed the information of over 146 million users, including their Social Security numbers. With the MGM data breach, it's obvious cybercrime is alive and well — and operating at a massive scale.