The personal details of more than 10.6 million MGM Resort guests are reported to have been published on a hacking forum. Amongst them, personal and contact details for a number of high-profile individuals including celebrities, tech CEOs and government officials.

Commenting on the incident, ESET cyber security specialist, Jake Moore said: “This sort of data is a honey pot for cyber criminals. When personal information such as this is leaked it becomes very sought-after, especially when it includes contact details for a number of high-profile users such as celebrities. All the users on this list should now be concerned about the increased risk of further attacks such as targeted phishing emails, or worse still, falling victim to SIM swapping. This is when cyber criminals use social engineering to manipulate mobile network providers into porting your phone number to a new SIM. Attackers can then change two-factor authentication (2FA) codes and get into online accounts by-passing passwords.”

Data privacy consultant at Bridewell Consulting, Becky Nicholson added that, given the scale and frequency of data breaches, we are in danger of becoming numb to them.

"At this stage, it’s not clear how the hacker managed to gain access to MGM’s cloud server. However, technical defence is still paramount, and in particular, regular penetration testing is vital. It’s also just as important to test employee awareness,” she said.

“Employees will always be the weakest link but with the right education can be an organisation’s biggest asset in terms of defence. Such employee awareness training can also be measured by regular phishing or red team assessments.”

Share Story: