Houston-based firm Emerson Firm announced Wednesday, Feb 26, it is still continuing its investigation over the massive data breach that impacted MGM Resorts International (“MGM”) last year.
In a press release, the law firm said it is currently working on investigating the security incident on behalf of the over 10 million customers that were affected by the incident and whose personal details have been exposed on a closed internet forum.
Earlier this month, the US casino and hotel giant MGM Resorts International revealed that it became a victim of a data breach in the summer of 2019, potentially exposing the details of millions of its hotel guests.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” the casino giant said in a statement. “We are confident that no financial, payment card or password data was involved in this matter.”
According to MGM, it had discovered that a third party has gained unauthorized access to a cloud server that contains information of a certain number of previous guests. Among the information leaked included the guests’ names, phone numbers, physical addresses, as well as some more sensitive data, including driver’s licenses, passports, and military ID cards.
In response to the incident, MGM Resorts said it had immediately contacted guests that are potentially affected by the incident, worked with law enforcement, and hired two cybersecurity firms to review and help fix the breach.
“At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” the company said.
A few days after the announcement, a lawsuit has been filed against the hotel and casino giant following the publication of the personal details of the affected customers on a popular internet hacking forum. Among the data leaked included personal information of high-ranking hotel guests, such as celebrities, chief executives of companies, and some government officials.
“On information and belief, the Data Breach was a direct result of MGM’s failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect customers’ personally identifiable information (“PII”),” Emerson Firm said on a statement.
The incident comes as the latest addition to the list of cyberattacks targeting the American hospitality industry for the past years. In 2018, another hotel giant, the Marriott hotel, revealed it had been hacked by cybercriminals that had compromised the data of about 500 million hotel guests.