By Dave McKay | July 14, 2020
MGM Data Breach Might Be Much Larger Than Thought
The MGM Resorts data breach of 2019 was reported at the time to be in the order of 10.6 million personal records. That’s impressive, for all the wrong reasons. It is now believed to have included personal data of more than 142 million MGM hotel guests.
That’s staggering—and still not in a good way.
The new figures are based on the amount of breached data that is being sold on the Dark Web. The hacker is offering a database of 142,479,937 personal records for a price just over US $2,900. Originally, back in 2019, a database of 10.6 million personal records was made freely available on a hacking forum.
All Affected Data Subjects Have Been Notified
MGM were aware of the breach last year, but didn’t go public with it. MGM did notify affected data subjects, in accordance with their local breach notification requirements.
An MGM spokesperson is quoted as saying “MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation. The vast majority of data consisted of contact information like names, postal addresses, and email addresses.”
No financial information was included in the breached data, but it does include names, addresses, dates of birth and phone numbers.
Could It Be Even Bigger?
Posts on Russian-speaking hacking forums suggest that MGM data breach may have contained more than 200 million personal records.
Source: ZDNet