MGM Resorts Hit in 2019 Data Breach, Hackers Shared Info of 10.6 Million Guests on Dark Web

MGM Resorts International (MGM) was the target of a large-scale technology infiltration last year, one that resulted in the personal data of more than 10.6 million guests being shared on the dark web.

Bellagio operator MGM was the target of a hack in which 10.6 million records were stolen. (Image: Axios)

ZDNet broke the story earlier today, reporting that it had “verified the authenticity of the data” and that the gaming company confirmed that a contravention of guests’ private information occurred last year.

MGM, the largest operator on the Las Vegas Strip, told the outlet it notified the former guests about the incident. To be precise, hackers obtained data for 10,683,188 past MGM patrons, including celebrities, government officials, and journalists.

Data obtained by the cyber thieves include full names, home addresses, phone numbers, emails, and dates of birth. But MGM told ZDnet it’s confident payment card data and passwords weren’t found in the attack.

Among the rumored well-known victims in the breach of MGM guest data are pop star Justin Bieber and Jack Dorsey, the CEO of Square and Twitter.

Casino.org reached out to MGM for comment, but did not hear back prior to publication of this article.

Not The First Time

Casinos, both land-based and online, have become prime targets for cyber criminals. In 2015, the US government accused Iran of authorizing a hack against Las Vegas Sands (LVS) after Chairman and CEO Sheldon Adelson – an ardent supporter of Israel – made harsh comments against the Islamic Republic’s nuclear ambitions.

Last year, the US Department of Justice (DOJ) shut down a vast hacking operation run out of Eastern Europe. That operation tried to steal $100 million from a variety of American businesses, including an unidentified casino in Gulfport, Mississippi, using a computer virus known as GozNym.

More recently, Golden Entertainment said that it discovered instances of unauthorized access to employees’ email accounts running from May 30, 2019 through Oct. 6, 2019. Golden operates the Strat on the Strip, as well as nine other gaming properties in Nevada and Maryland.

The architects of that breach reportedly obtained sensitive information, such as drivers licenses, payment cards and Social Security numbers. Golden previously notified guests, staff, and vendors about the situation.

Small by Comparison

At a time when customers – regardless of industry – are taking seriously guarding of their data, an information violation is never a good look for companies. But if there’s a silver lining for MGM, it’s that 10.6 million records is a relatively small-scale attack.

Focusing on the travel and leisure industry, the MGM hack is paltry compared to the 383 million records cyber thieves swiped from Marriott’s Starwood hotels. That infiltration was announced in 2018 and reportedly started in 2014.

The MGM breach is also a fraction of the size of the 147 million cyber criminals pilfered in the 2017 penetration of credit scoring firm Equifax.

In the 2010s, the largest data breach occurred in 2013, impacting each of Yahoo’s three billion users. That incident came to light in 2016, when the company said at least 500 million accounts were targeted. But a subsequent announcement put the figure north of one billion and it rose from there.

Todd Shriber
Todd Shriber Financial Reporter

Todd Shriber is a senior news reporter covering gaming financials, casino business, stocks, and mergers and acquisitions for Casino.org.

Todd got his start in financial markets as a reporter with Bloomberg News. Later, he became a trader at a Southern California-based long/short hedge fund, where he specialized in the trading sector and international ETFs leading up to and during the financial crisis. He joined Casino.org in 2019.

Currently, Todd analyzes, researches, and writes on ETFs for various web-based publications and financial services firms. Shriber has been featured and quoted in Barron's, CNBC.com, and The Wall Street Journal. His work can also be found on Benzinga, ETF Daily News, ETF Trends, MarketWatch, Fox Business, and Nasdaq.com.

He currently resides in Las Vegas, where he enjoys golf and taking his black lab to the dog park. He's also an avid sports fan and likes to wager on college football and the NBA. You can also find him at the three-card poker and roulette table, even though he knows better.

Contact Todd at todd.shriber@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.