Data breaches are still on the rise, while cybercriminals are continuously finding ways to profit off of stolen PII. Although the MGM breach occurred in 2019, here we are midway through 2020 and still learning of the impact it may have had on past hotel guests. The scope appears to be quite larger than originally suspected - with a nominal price tag on the dark web.
Although financial information, Social Security numbers, and actual reservation details were not exposed, MGM was able to confirm names, postal addresses, DOBs, email addresses and phone numbers were compromised. Furthermore, security research firms have confirmed this data has been sold amongst private hacking circles since at least July 2019. It appears that some Russian-speaking hacking forums are advertising the info for 200M+ guests....will the number at stake keep growing as we continue to dive deeper into this breach?
The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace. According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900.