The personal data of more than 10 million people, including celebrities and government officials who stayed at MGM Resorts, was posted to an online forum this week, ZDNet reported on Wednesday.
The data included personal details like full names of guests, their birthdates, addresses, email addresses, and phone numbers. No financial data was included in the hack, the outlet reported. Another 1,300 individuals had data from their driver's licenses, passports or military ID cards exposed.
The data file included the details of some 10,683,188 former guests, according to an analysis by ZDNet. The outlet confirmed that many of the details included the personal information of many high-profile users, including Twitter CEO Jack Dorsey, Justin Beiber, as well as members of the military and people connected to the Department of Homeland Security.
In a statement, MGM Resorts said they discovered "unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts," last summer.
"We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws," a spokesperson for the company told NBC News.
Two cybersecurity firms were retained by MGM after they discovered the issue to help them with their internal investigation and what to do to remediate the issue.
"At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again," the company said.
Hotels have been ripe targets for hackers in the past, including the hack of the Marriott Hotel chain in 2018, in which the data of around 500 million hotel guests was compromised. Another large scale data breach at Equifax exposed the data of more than 146 million Americans.
Photo: Getty Images