The MGM Resorts, in February 2020, reported a data breach that affected nearly 10.6 million of its guests. The company took help of two cybersecurity firms to probe the incident and correspondingly beefed-up the security lines to avoid such breaches in the future. However, it was recently discovered that a cybercriminal is selling details of 142,479,937 MGM Resorts’ guests, which might have been originally leaked during the first MGM Resorts data breach that took place in the summer of 2019. The offer price of this data on the dark web is placed at $2,939.76.
The Story So Far…
- The actual data breach took place in July 2019.
- MGM notified its guests about the data breach in August 2019.
- The cause of the original data breach was traced back to a misconfigured cloud server.
- 10.6 million guest details including names, date of birth, email addresses, phone numbers, etc., were compromised as per MGM’s statement.
- No reports of loss of financial data like payment card information or password information.
- In February 2020, MGM officially confirmed details about the 2019 data breach after these records appeared as a free download on an underground forum.
- In July 2020, 142 million MGM Resorts’ guest details appear for sale on the dark web for a price of $2,939.
The cybercriminal behind this latest sale has claimed to have obtained the MGM Resorts data after he recently carried out a data breach against DataViper, a data leak monitoring service of Night Lion Security. Although the compromised data does not involve any financial details and/or personal IDs like the SSN (social security number) or license and passport numbers, it would be wise for MGM customers to take the following as precautionary measures:
- Change all passwords of accounts related to MGM resorts bookings.
- Set up a credit monitoring service if you do not have one.
- Beware of phishing and smishing attacks.
- Be vigilant and report any suspicious activity to the authorities concerned.
- Keep a track of all the records and communications between MGM and yourself. This could potentially be very useful in case of filing a class-action lawsuit.