MGM Resorts hasconfirmed there was unauthorized access to one of the company’s cloud servers in2019 that contained information on a reported 10.6 million guests, possiblyincluding several high-profile guests.
MGM did not confirm thenumber of people involved, but ZDNet working with the new security firm Underthe Breach reportedly found data on 10,683,188 that SC Media was able to confirm included fullnames, home addresses, phone numbers, emails, and dates of birth, posted to a hackingforum.
“Last summer, wediscovered unauthorized access to a cloud server that contained a limitedamount of information for certain previous guests of MGM Resorts. We areconfident that no financial, payment card or password data was involved in thismatter,” MGM Resorts told SC Media in a statement.
The company believes no financial data or passwords were included in the data dump, adding it has informed the customers involved.
However, Ray Walsh, dataprivacy advocate at ProPrivacy, said some customers did have more sensitivedata exposed.
“MGM Resorts has claimedthat no financial, card payments or passwords were stolen during the breach.However, it would appear that at least 1,300 individuals had extremelysensitive data stolen during the incident – including personal information fromtheir driver’s license, passport, and even military ID cards,” he said.
The company did not sayexactly how or why the cloud server was exposed, but Matt Walmsley, EMEADirector at Vectra, believes is likely one of the normal causes behind suchbreaches.
“MGM has acknowledged acloud ‘server exposure’. This could have easily been caused from poor cloudconfiguration and security hygiene, or from offensive attacker behaviors. Aspractitioners, we need to stop treating cloud separately from a securityperspective,” he said.
MGM Resorts said it promptlynotified guest ..
Support the originator by clicking the read the rest link below.
