Personal information of more than 10.6 million users, who stayed at an MGM resort hotel, has been found online over the past week. The data breach originally happened in July of 2019, and according to an MGM spokesperson, they discovered unauthorized access to a cloud server that contained personal information of previous guests, who stayed at MGM resort hotels.
The leaked information reportedly belongs to celebrities, CEOs of tech companies, reporters, government officials and employees for some of the top tech companies in the world. Rumors are that singer, Justin Bieber, and Twitter founder, Jack Dorsey, are among some of those affected by this data breach. The data was verified by ZDNet and a security researcher from Under the Breach. A spokesperson has also publicly acknowledged the incident.
The data stolen includes personal details, such as full names, home addresses, phone numbers, emails and dates of birth of MGM resort guests. While MGM is confident that no payment information, credit card information or passwords have been stolen, at least 1,300 people have had more sensitive data, such as driver’s licenses, passports or military ID cards stolen.
Reportedly MGM notified customers in August of 2019 if they were affected by the data breach, including those whose more sensitive data was stolen as part of the breach. While the data breach was investigated by law information in 2019, and MGM implemented better security measures and retained two cybersecurity forensic firms to conduct an internal investigation. The data stolen was still found on a popular hacking forum this week. According to a spokesperson for MGM. “At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,”.
Currently, MGM is being sued over the data breach. The law firm, Morgan & Morgan, filed the lawsuit in Nevada District Court on Friday, February 21st. Their lawyer, John Yanchunis, has represented various Yahoo users from the Yahoo data breach that affected 3 billion accounts between 2013 and 2016.
Additionally, the lawyer has also been associated with other data breach lawsuits including the Equifax data breach and the Facebook data breach. The lawsuit was filed as a complaint for damages and injunctive relief. John Smallman, the named plaintiff, is a California resident who stayed at the Luxor over the last 10 years and used a credit card at the Bellagio.
The complaint states that customers continue to spend significant amounts of time and money in an effort to protect themselves from the adverse ramifications of the breach. The lawsuit alleges negligence, breach of contract, breach of confidence and violation of the Nevada Consumer Fraud Act. The lawsuit is seeking damages in an undisclosed amount. According to the attorneys, John Morgan and John Yanchunis, who are representing Smallman. “We will continue to hold companies accountable for the harm they cause in people’s lives until they start treating consumers’ data with the care it deserves,” MGM has yet to respond to the lawsuit.