The personal information of over 10.6 million customers of MGM Resorts has been published online.
MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year. The data includes full names, home addresses, phone numbers, email addresses, birthdates, and, in some cases, passport numbers of 10,683,188 hotel guests, including celebrities and prominent public figures such as Justin Bieber and Twitter CEO Jack Dorsey.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” the company said in an official statement. “We are confident that no financial, payment card or password data was involved in this matter.”
MGM maintains that it alerted residents of states that require reporting of breaches of “phonebook data,” or personal information that would be available via public record. The company has not yet indicated whether it would be providing credit monitoring or identity theft protection to customers affected by the breach.
Travel and hospitality industries have been a frequent target of hackers in recent years, perhaps most notably being the 2018 Marriott data breach that affected 300 million customers.