MGM Resorts International confirmed Wednesday that the company fell victim to a data breach last summer and claimed that its has since reached out to individuals who had their information compromised.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” the company said in a statement provided to business magazine Fortune.
“We are confident that no financial, payment card or password data was involved in this matter … At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”
This statement came shortly after tech news website ZDNet broke the story, revealing that the user information was published on an online hacking forum.
The article noted that an employee of cybercrime monitoring company Under the Breach brought the leak to ZDNet’s attention. “These users now face a higher risk of receiving spear-phishing emails, and being SIM swapped,” the outlet said, citing Under the Breach.
Though MGM Resorts International did not reveal how many users had been impacted by the hack, Under the Breach estimated that some 10.6 million guests were affected. MassLive reported that MGM claimed to have “promptly notified guests potentially impacted by this incident,” and has since retained the services of cybersecurity forensics firms to address the issue.