The personal information of 10.6 million guests who stayed at MGM Resorts hotels was hacked last summer.
The hack was first reported on Wednesday by ZDNet, which said the stolen information was posted to a hacking forum this week. MGM confirmed to the BBC that the attack took place.
The data exposed included full names, home addresses, birth dates and passport numbers for former guests. MGM said it was "confident" no financial information had been exposed. The resort chain said it was unable to say exactly how many people were impacted because information that was exposed might be duplicated. The data reportedly contains no information from guests who stayed at the resorts after 2017.
"Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter," a spokesperson for MGM Resorts said.
MGM said most of the data that was stolen was "phonebook information" like names, telephone numbers and email addresses, which are already publicly available. But approximately 1,300 former guests were notified that more sensitive information including passport numbers had been revealed. A further 52,000 customers were told that less sensitive personal information was exposed. This was only a portion of those impacted.
MGM said its notification to customers followed state laws. Most US states do not require companies to tell customers if data which is already public has been exposed during a hack.
The people impacted reportedly included celebrities like Justin Bieber and Twitter founder Jack Dorsey, according to ZDNet. Those targeted would also include government officials, including from the Department of Homeland Security and the Transportation Security Administration, as well as regular tourists, reporters and FBI agents. MGM has not confirmed this. ZDNet said it verified the authenticity of the data with a security researcher from Under the Breach, a soon-to-be-launched data breach monitoring service.
MGM has resorts in Las Vegas, Atlantic City and Detroit in the US. It also has property in China and Japan and is developing a new resort in Dubai. Its Las Vegas resorts frequently draw thousands of guests for casino tournaments, boxing matches and UFC fights.
Cyber attackers can use all sorts of information, even data that is less sensitive, to target an individual online. This is not the largest hack of hotel guest information. In 2017, Marriott Hotels experienced a much larger data breach exposing 500 million guests. That attack was linked to Chinese state-sponsored hackers.