Cyber Incident Victim: MGM Resorts International

Date: Jul 2019

Location: United States of America

Summary

A hospitality company experienced unauthorized access to a cloud server containing personal information of over 10 million former guests, including full names, contact details, and birth dates. The breach primarily impacted high-profile individuals such as celebrities, government officials, and corporate executives, exposing them to heightened risks of targeted attacks like spear-phishing. The organization confirmed the incident occurred previously, involved no financial data, and stated it had notified affected individuals while engaging cybersecurity firms to investigate. The leaked data resurfaced on public hacking forums months later, with attribution suggested to a known threat actor group historically associated with large-scale data exposures. Security enhancements were implemented following the incident to prevent recurrence.

Description

In July 2019, MGM Resorts identified unauthorized access to a cloud server containing personal information of previous hotel guests. The company promptly initiated an investigation, engaging two cybersecurity forensics firms to analyze the breach. By August 2019, MGM began notifying affected individuals in compliance with state regulations, though the full scope of impacted guests remained unclear at the time. The compromised data included full names, home addresses, phone numbers, email addresses, and dates of birth for 10,683,188 individuals, but excluded financial records, payment card details, or passwords according to the company's assessment. The breach remained largely undisclosed publicly until February 2020, when a hacker posted the entire dataset on a widely accessible cybercrime forum.

Security researchers verified the leaked data's authenticity through direct contact with multiple affected individuals, including business travelers, journalists, corporate executives, and government personnel who had stayed at MGM properties prior to 2017. High-profile victims identified in the dataset included Twitter CEO Jack Dorsey, singer Justin Bieber, and officials from the Department of Homeland Security and Transportation Security Administration. Threat intelligence analysts noted the information had circulated privately among hackers since at least July 2019, with attribution pointing to an actor associated with the GnosticPlayers group known for mass data dumps. MGM confirmed the forum posting originated from the prior summer's incident and emphasized implemented security enhancements to prevent recurrence. The exposure significantly elevated risks for spear-phishing and SIM-swapping attacks against victims due to the concentration of influential figures' contact details. While smaller in scale than Marriott's 2017 breach, the incident highlighted persistent vulnerabilities in hospitality sector data storage practices.
