That MGM Resorts Data Breach is Much Worse than Originally Reported
Category
Awareness, News
Risk Level
If you’ve hit the strip in Vegas recently, odds are you visited or stayed at an MGM Resorts property. Unfortunately, it was disclosed in February that 10.6 million guests had their personal information stolen and posted on the dark web for sale. While the number of people impacted paled in comparison to the 500 million that were impacted in the data breach at Marriott, it’s now being reported that not only has the data been for sale on the dark web since July, the number of impacted people is considerably larger.
“What is a data breach?”
A data breach is when information is exposed to someone who should not be able to see it. While most data breaches that you hear about in the news are related to passwords or credit card information being stolen by a hacker, a data breach can also include your personal information, health information, or proprietary information from your organization. These are all things that shouldn't fall into the wrong hands.
“Ok, but what does it mean for me?”
Data breaches can be tricky because you have to understand what has been taken, and how you can protect yourself from that information being used inappropriately. For example, if the news reported that passwords had been stolen from a website, you would change your password for that website. Or, if your credit card number gets stolen, you usually report it to your credit card company and receive a new one. If you don’t take action though, this could lead to problems for you.
“What happened this time?
According to reporting from multiple sources, it appears that the personal information of over 142 million guests who provided their information to MGM Resorts was stolen. When the story first broke in February, the number of impacted people was 10.6 million, and MGM Resorts has said they notified those who were impacted.
However now that the number is much higher, it’s also been noted that the data has reportedly been on sale on the dark web for over a year, meaning you may not have even known you were impacted. And while the number is currently set at 142 million, there are fears the number may be larger. Currently, the information exposed includes:
Name
Birthday
Address
Email
Phone number
However, there is a fear that more information types may have been stolen and this story is still developing.
“So what do I do?”
The key after a data breach is to focus on the sensitive information that was stolen, and what actions that you can take to mitigate the effects. We’ve outlined the most important ones below, and what you should do right now.
NAME / BIRTHDAY
Unfortunately, there’s not a lot you can do to protect your name or birthday if it has been stolen in a data breach. Buying services like identity theft monitoring can help, but the best way is by freezing your credit. Check out our easy to follow guide for more information
ADDRESS
Unfortunately your address isn’t virtual and you can’t just “reset it.” So what can you do? Most likely no one is going to come visit you, but they may try to use your address to apply for a new credit card.
Your email has likely become an extension of your name at this point, so how do you protect it? Unlike your name you have a few options. Changing it doesn’t make sense since you’ll have to update your family, friends, and websites with your new address. Instead, make sure you stay alert for phishing emails (emails that try to trick you into doing something bad) since your email has probably been added to a spam list and you’ll be receiving more junk email soon. If you’ve re-used your email password elsewhere, you should change it - and get a password manager while you’re at it!
PHONE NUMBER
When your phone number is stolen, two main things can happen:
First, your number usually gets added to a call list for scam calls. These are fake calls that can come from “the IRS”, “the Chinese Consulate”, “your boss”, or someone with “a great vacation offer.” While the government and telephone companies are trying to figure out how to reduce the number of calls coming through (including the fake calls from phone numbers similar to your), it’s best to not answer any call from a number you don’t know. If you do answer, be skeptical, and ask to call them back on a number you know or that you can search for online (like the phone number posted on a reputable business website).
Second, with the information stolen in this data breach, hackers potentially have enough information to conduct a “SIM jacking” attack - essentially stealing everything from your phone but remotely. We’ve talked about how to stop this on the ACT, so make sure to give our guide a quick read.
Finally, if you’re worried about staying on top of the latest data breaches, make sure to subscribe to the ACT Digest, where we’ll tell you about what’s going on in the cybersecurity world, and how you can protect yourself, your friends, your family, and your organization.