
MGM breach victims’ data found for sale online

Jul 20, 2020 · 4 min read

Consumers often have to trust that corporations are going to protect their data — so what happens when that trust is broken? MGM Resorts might be about to find out following new revelations about the scale of a hack they suffered in 2019.

In February this year, months after the initial breach, the company admitted that data from more than 10 million guests had been stolen. They insisted that appropriate action was taken at the time and that those affected had been contacted.

The hack exposed names of guests, along with their phone numbers, email addresses, and dates of birth. That alone would have been bad enough, but five months later the story continues to unfold.

This month, news broke that the real number of victims may have been over 142 million. Worse still, their data is now for sale on the dark web.

The rising threat of data breaches

MGM aren’t the only ones — they’re just the latest in a long line of corporations that let their customers down on security. In 2019, around 800 million unique email addresses and 21 million passwords were stolen and sold online.

Data breaches make headlines with alarming regularity. The fallout from such attacks can be long-lasting for both the corporation and its customers.

Theft of this scale is usually caused by a range of factors, from malicious social engineering attacks to simple human error. The more employees a corporation has, the greater the number of potential access points for hackers to exploit.

How do data breaches happen?

  • Malware and spyware

    While some malicious software is used to extort money directly from corporations, many strains will quietly spy on internal messages and private servers. Hackers can monitor this information from afar and use it to gain access to the valuable data they’re looking for. Malware is often unwittingly downloaded from unsecured websites, malicious advertisements, and phishing emails.

  • Phishing and social engineering

    Subtle tactics like phishing continue to successfully target major corporations every year. Using social engineering techniques like pretexting, hackers pose as someone trustworthy and contact the company's employees. They'll either try to gain data directly or steal password information that will allow them to probe deeper into customer databases.

  • Human error and the lack of best practice

    Human error contributes to around 90% of data breaches, as high standards of best practice aren’t always enforced. Many employees use weak passwords, connect to high-risk Wi-Fi hotspots, and forget to encrypt their data. As long as a corporate network’s endpoints remain unprotected, the company as a whole cannot be secured.

How damaging is a data breach?

Once hackers have stolen customer data, they'll often sell it online to other cybercriminals. Stolen data serves a variety of purposes and often aids in further crimes.

Data exposed in incidents like the MGM breach fuels identity theft, the results of which can haunt victims for years. Financial damage, ruined credit scores, and implication in criminal activity will linger on. Once someone’s social security number and credit card details are out in the open, it’s hard to regain control of that information.

Consumers will often entrust huge amounts of sensitive data to corporations, assuming that they enforce rigorous security protocols behind the scenes. When companies let their customers down, it can destroy trust and tarnish reputations. The only winners here are the criminals.

How to protect yourself from data breaches

With corporations like MGM still struggling to stay ahead of cybercriminals, consumers should take whatever steps they can to protect their own data and guard against the effects of a potential breach. Here are three simple ways for anyone to lower the risks of data breaches in 2020:

  • Mitigate the damage of a breach. If a company that stores your data suffers a breach, you should take your own precautions. Change passwords and usernames on any affected accounts, and make sure you’re not using the same login details on multiple platforms. Cancel bank cards if your payment information has been leaked, and contact the authorities if your social security number or passport information is exposed.
  • Improve password security. One weak password could cause untold damage. Ensure that all your logins are long, complex, and randomized. If you struggle to remember your passwords, use a manager like NordPass to generate and encrypt complex credentials.
  • Keep track of your outgoing finances. If your banking data has been leaked, you may find evidence of that in your bank statements. Keep an eye out for very minor outgoing transactions: criminals will often test the validity of the information they have by extracting a small amount of money before they go further. If you see any unusual activity, contact your bank immediately.

For MGM, the road to regaining customer confidence may be a long one. Businesses and consumers should now take the necessary actions to ensure that their data stays secure.


Malcolm Higgins

Malcolm is a content writer specializing in cybersecurity and tech news. With a background in journalism and a passion for digital privacy, he hopes his work will empower people to control their own data.
