MGM sued over massive breach of guests’ data

mgm-sued-over-massive-breach-of-guests-data

A little note about a massive data breach apparently isn’t enough to keep everybody happy. One former MGM Resorts International guest wants more, suing the company for a security breach that is believed to have affected 10.6 million people.

mgm-sued-over-massive-breach-of-guests-dataMGM Resorts confirmed last week that their cloud server had been hacked during the summer of 2019. A large cache of information was stolen, including driver’s license and passport information, home addresses, phone numbers, birthdates, and email addresses. No financial data appears to have been stolen.

The data leak was first published in a hacking forum but was later confirmed by MGM Resorts themselves. Among those who had their personal information stolen were reporters, government officials, tourists, celebrities, CEOs, and MGM employees.

In a statement, MGM notified customers that “last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter.”

Upset about the failure to protect his personal information, John Smallman filed suit against the company on February 21 in Nevada, claiming that they did not provide “adequate and reasonable” security for their systems. He explained in his suit that he, as well as other guests, will now have to spend a significant amount of time and money working to protect themselves from potential fraud.

MGM did not provide comment regarding the lawsuit but has maintained that the information taken was nothing that was not already available. Following the initial disclosure of the hack, an MGM spokesman explained that the information stolen was really “phonebook” data, information that could easily be found by using a search engine such as Google.

However, Smallman vehemently disagrees, pointing out that the information included people’s personal license numbers, passport numbers, and military identification numbers. Also, dates of birth were included along with addresses, making it easier for criminals to create false identifications. In his suit, he explained that the breach will now mean that he “will forever be at a heightened risk of identity theft and fraud.”