A number of Canadian tourists received notification Saturday that their personal data has been compromised following a stay with MGM Resorts International.
In February, the casino operator confirmed that it had been hacked in summer 2019, and certain information — including some guests’ driver’s license and passport information — had been stolen from a cloud server.
On Monday, MGM said it had recently finished analyzing data concerning Canadian guests and “moved to notify individuals (affected by the security breach) consistent with Canadian requirements.”
The vast majority of the data consisted of contact information such as names, postal addresses and email addresses, according to the statement.
By February, about 52,000 people had been notified about the hack in accordance with applicable state laws, according to MGM. It did not disclose how many have been notified following the recent analysis.
Some Canadian customers received an email from MGM notifying them that their personal information had been compromised.
“On July 10, 2019, we learned that an unauthorized party had accessed and downloaded certain MGM Resorts guest data from an external cloud server a few days earlier,” the letter says. “The affected information may have included names, contact information (such as postal addresses, email addresses, and phone numbers), and dates of birth. The specific data affected differed for each impacted individual.”
According to the letter, MGM enhanced its security measures after learning of the security breach by “further strengthening (its) monitoring capabilities to detect unauthorized system activity.” It also coordinated with law enforcement and began working with a third-party data security expert to assist with an investigation of the incident.
MGM Resorts said it would provide a year’s worth of credit monitoring service Equifax Complete Premier Plan for those affected.