MGM Resorts has acknowledged that personal information of about 10.7 million hotel guests was published on a hacking forum earlier this week. The data exposure was confirmed to CNET sister site ZDNet by MGM Resorts on Wednesday. Included in the data were full names, phone numbers, addresses, emails and dates of birth.
ZDNet confirmed the data's accuracy by reaching out to some customers whose information was published on the hacking forum.
The data was accessed via a security incident in 2019, an MGM Resorts spokesperson told ZDNet, during which all affected customers were notified.
"Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests," the hotel chain told ZDNet, adding that no financial or credit card data leaked.
MGM Resorts didn't immediately respond to a request for comment from CNET but told ZDNet it has since improved its network security. Its hotels include the Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, New York New York, Luxor and Excalibur in Las Vegas.