CES Attendees Data Hacked MGM Resorts Compromised
The personal information of at least 10.6 million guests many who stayed at MGM resort properties in Las Vegas during CES have been hacked.
MGM Resorts in Las Vegas alone include, Bellagio, Aria Resort & Casino, Vdara, Excalibur, Luxor, Mandalay Bay, Delano Las Vegas, Mandalay Bay Convention Center where major CES events take place, MGM Grand Las Vegas MGM Grand Garden Arena, Skylofts at MGM Grand, The Mansion at MGM Grand, The Signature at MGM Grand, The Mirage, New York-New York, and Park MGM.
The MG Grand alone attracts over 2,000 CES guests during CES now it’s been revealed that the data exposed included names, address, and passport numbers of people who stayed at MGM Resort properties during CES.
The stolen information was posted to a hacking forum this week.
I have stayed at the MGM Grand for the last 25 years during CES and prior to that Comdex and I have received no notification of the hack despite it being discovered several months ago.
Now the resort chain is claiming that they are unable to say exactly how many people were impacted.
MGM said it was “confident” no financial information had been exposed despite them not knowing which data has been extracted.
Normally MGM keeps credit card information on the same database and inside the profile of a guest.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter,” a spokesperson for MGM Resorts said.
Among the people who were impacted included celebrities like Justin Bieber and Twitter founder Jack Dorsey.
MGM said most of the data that was stole was “phonebook information” like names, telephone numbers and email addresses, which are already publicly available.
The Hotel Group has admitted that they only told 53,000 guests that their information had been compromised.
MGM said its notification to customers followed state laws. Most US states do not require companies to tell customers if data which is already public has been exposed during a hack.
Passport numbers are not public information.
MGM has resorts in Las Vegas, Atlantic City and Detroit in the US. It also has property in China and Japan and is developing a new resort in Dubai.
According to ZDNet the data was posted to a hacking forum. Cyber attackers can use all sorts of information, even data that is less sensitive, to target an individual online.
This is not the largest hacking of hotel guest information. In 2017, Marriott Hotels experienced a much larger data breach exposing 500 million guests. That attack was linked to Chinese state-sponsored hackers.