MGM Resorts is doing damage control after media reports shed light on a 2019 data breach that exposed the personal information of an
unknown number of MGM guests.
“Last summer, we discovered unauthorized access to a cloud
server that contained a limited amount of information for certain previous
guests of MGM Resorts,” the company said in a statement. “We are confident that
no financial, payment card or password data was involved in this matter.”
According to MGM, the vast majority of information exposed
was “phone book data,” or information like first and/or last name, phone number
and other data that can generally be found in a phone book or via Google search.
While analysts have pegged the number of impacted guests at
around 10 million, MGM said the company is not confirming the number of
individuals affected, citing that fact that the data was “messy and included
MGM confirmed guests potentially impacted by the incident
were notified, in accordance with state laws. The company also hired two
cybersecurity forensics firms to assist with an internal investigation, review
and remediation of the issue.
“At MGM Resorts, we take our responsibility to protect guest
data very seriously, and we have strengthened and enhanced the security of our
network to prevent this from happening again,” the company said.