MGM Resorts Hit With 10.6 Million Guest Breach, Lawsuit Ensues Drew Wilson | February 24, 2020 MGM Resorts has been hit with a data breach. 10.6 Million guests have been impacted. In response, a lawsuit has been filed against the company. MGM Resorts is the latest company to be hit with a data breach. The company owns or leases a large number of different hotels and other major destinations across the US and around the world. If you live in, say, Las Vegas, what MGM Resorts owns is quite significant. So, naturally, when MGM Resorts got hit with a data breach, it’s going to be big news. Given how much the company owns, it’s probably no surprise that the number of guests that were impacted is going to be big. In fact, the estimated number of guests impacted is 10.6 million. From WWLP: CNBC reports that MGM Resorts said on Thursday it was the victim of a data breach last year after an earlier report claimed that details of over 10 million hotel guests had been compromised. That data includes full names, birthdates, addresses, email addresses, and phone numbers. A spokesperson for MGM said no financial, payment card or password data was involved in the matter and guests were notified. They also did not disclose which properties were affected. MGM spokesman said MGM Resorts has upgraded the security of its network to avoid such breaches in the future. “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws. Upon discovering the issue, the Company retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue. At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.” One thing is for sure, it didn’t take long for lawyers to get busy. Morgan & Morgan filed a lawsuit against MGM Resorts. From the Chronical Herald: U.S. casino operator MGM Resorts International has been sued over a data breach last year, which the company confirmed earlier this week and which reportedly involved details of over 10.6 million hotel guests. The lawsuit was filed by law firm Morgan & Morgan, whose lawyer John Yanchunis has also represented some Yahoo users in a breach of 3 billion accounts between 2013 and 2016. Technology website ZDNet reported that the personal details of more than 10.6 million guests who stayed at MGM Resorts hotels were published on a hacking forum this week. The details in the leaked files reportedly included information on celebrities, chief executives of technology companies, reporters and government officials. Morgan & Morgan filed its lawsuit on Friday as a “complaint for damages” and “injunctive relief”, according to the filing at the U.S. District Court for the District of Nevada. For some long time readers of Freezenet, the name “Morgan & Morgan” might sound distantly familiar. In that case, you might be thinking of the AMCA/Quest Diagnostics class action lawsuit back in June of last year. That, of course, was a pretty big story. Of course, that isn’t the only lawsuit from the law firm we covered. Also in July of last year, we covered the class action lawsuit filed by the law firm against Capital One over another major data breach. At the time, that was also a pretty high profile story. Some might even think that only felt like yesterday that the story was blowing up. So, at the very least, the law firm is definitely no stranger to filing data breach related lawsuits. In fact, one might argue that business is booming for law firms like this thanks to all the data breaches and leaks going around. In this case, it’s yet another lawsuit against yet another high profile company. Drew Wilson on Twitter: @icecube85 and Facebook.