The stolen personal information of 10.6 million guests of MGM Resorts hotels was posted to a hacking forum this week, according to reports.
Last night an MGM Resorts official confirmed to C&IT that there had been a data hack last summer. The data exposed included names, addresses and passport numbers of previous guests.
The company said it was "confident" no financial information had been exposed but could not confirm exactly how many people had been affected because the data that was exposed may have been duplicated.
In a statement handed to C&IT, an MGM Resorts spokesperson said: “Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
“We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws.
“Upon discovering the issue, the company retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue.
“At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”
Celebrities including Justin Bieber and Twitter founder Jack Dorsey were among those affected, according to a report from ZDNet. But these leaks have not been confirmed by MGM.
Much of the data that was stolen was "phonebook" information such as names, telephone numbers and email addresses, which MGM said was already available publicly.
Around 1,300 former guests were notified that more sensitive information including passport numbers had been revealed, it has been reported.
Some 52,000 customers were told that less sensitive personal information was exposed, according to the BBC, though this was only part of the number affected.
MGM resorts are in Las Vegas, Atlantic City and Detroit in the US, but also has properties in China and Japan and is developing a new Dubai resort.
In 2017, Marriott Hotels was on the end of a much larger data breach exposing 500 million guests, linked to alleged Chinese state-sponsored hackers.
MGM did not immediately respond when asked to confirm whether the details of the ZDnet report were completely accurate.
For more features and breaking news sign up to C&IT Magazine's daily Newstracker.
Have you registered with us yet?
Register now to enjoy more articles
and free email bulletins.