MGM hack exposes data of 10 million, including government officials

The information of more than 10 million people who stayed at MGM Resorts, including data appearing to belong to government officials, was posted on a hacking forum earlier this week.

The posting of the hacked information was first reported Wednesday by the website ZDNet.

No financial data was included in the data set, which has been reviewed by NBC News. But it includes full names, birth dates, addresses, email addresses and phone numbers. The information was posted Feb. 17 to the hacking forum.

Last summer, the company "discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts," MGM Resorts said in a statement.

"We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws," a spokesperson for the company said.

MGM's statement did not disclose which properties were affected, but the company has a strong presence on the Las Vegas Strip. Its properties there include the MGM Grand, the Bellagio, ARIA and Mandalay Bay. Some people on an online Las Vegas message board noted in August that they had been notified that their data may have been stolen in July.

MGM Resorts also said that when it discovered the issue, it retained two cybersecurity forensics firms to help with the internal investigation and to determine steps to remediate the issue.

Hacked information about Twitter CEO Jack Dorsey and pop star Justin Bieber appears to be included on the list.

Others include members of the military and people with email addresses connected to the Department of Homeland Security, the Department of Justice, the FBI and the Transportation Security Administration.

Some of the phone numbers in the data set are disconnected. NBC News has reached out to more than a dozen people on the list and verified the posted personal information was accurate. Some of those on the list are employees of NBC Universal, the parent company of NBC News.

NBC News spoke to one person with a U.S. Secret Service email address who was surprised to learn he had been hacked. He said MGM never notified him about the breach.

The information on the hacking forum also included information on Stephen Paddock, the man who opened fire from the 32nd floor of the Mandalay Bay Resort and into crowds at a music festival Oct. 1, 2017, killing 58 people in the deadliest mass shooting in modern U.S. history. Paddock, 64, fatally shot himself as police closed in.

Lou Rabon, founder and CEO of security company Cyber Defense Group, said the breach is "another example of why companies need to be constantly vigilant with their cybersecurity program and practices."

"MGM Resorts failed at protecting their customers' data," he said in an email, adding that the matter could reflect poorly on its reputation among the public.

MGM Resorts says that it takes protecting guest data very seriously and that it has "strengthened and enhanced the security of our network to prevent this from happening again."

There have been several large-scale hacks of companies and institutions, including a 2017 data breach at Equifax that exposed sensitive data of more than 146 million people. Among the information that was exposed in that breach were Social Security numbers. Equifax is one of the nation’s biggest credit reporting services.

Last week, the Department of Justice said that four Chinese military hackers were charged in the Equifax breach, and that they are accused of stealing the information of around 145 million Americans. The FBI concedes it is unlikely they will face prosecution.

Equifax's CEO, Richard Smith, resigned in 2017 ahead of congressional hearings amid the scandal, and the credit-reporting company later agreed to pay up to $700 million to settle federal and state probes, with $425 million set aside for affected customers.

In 2018, Marriott International said that the private information of up to 500 million guests may have been accessed as part of a breach of its Starwood guest reservation database. The hotel chain said at the time that the company discovered there had been unauthorized access since 2014.

When Attorney General William Barr announced the charges against the four Chinese military hackers in the Equifax breach, he also confirmed that China was behind the Marriott hack, which was something that had been suspected by cybersecurity experts.
