Casino operator MGM Resorts confirmed Thursday that a data breach last year compromised the personal information of guests who have stayed at its Las Vegas hotels.
Technology website ZDNet first reported that more than 10.6 million guest accounts were posted to a hacking forum this week. MGM has not confirmed the number of hotel guests affected by the breach.
Full names, birthdates, addresses, email addresses and phone numbers were leaked, but no financial information was included.
Last summer, the company said in a statement that it "discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts."
"We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws," a spokesperson for the company said. (A majority of states don’t require notification for publicly available phonebook data.)
Upon discovering the issue, MGM retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue.