The 142 guests who had data exposed, which is far higher than the 10.6 million that was initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.
Looking into the issue for Digital Journal is Bitglass CTO, Anurag Kahol.
According to Kahol the fact that new information is emerging is not surprising for these types of cyberattacks: “Unfortunately, data breaches can impact victims for months, or even years, beyond the initial exposure. This is due to cybercriminals continually selling data on the dark web and leveraging the information to launch extremely targeted phishing scams.”
Look at the hotel company’s specific issue, Kahol says: “When news of MGM’s data breach broke in February, it was reported that 10 million MGM guests had their information exposed; however, activity on the dark web observed that at least 142 million guests may be impacted.”
There are also particular concerns with the travel sector, which Kahol explains: “Every year, hotels and resorts collect sensitive consumer data and store the personally identifiable information of millions of guests. In this case, some of the compromised guest information such as dates of birth, phone numbers, home addresses, and email addresses, belonged to government officials, celebrities, and well-known enterprise executives. Incidents like this emphasize the vitality of ensuring that proper cloud security controls are implemented to maintain data security.”
In terms of what can be done, Kahol recommends: “To mitigate the risks of future data breaches and protect sensitive data, hospitality organizations and other companies need to have full visibility and control over their data. By leveraging multi-faceted solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, and manage the sharing of data with external parties, and prevent data leakage, organizations can ensure the privacy and security of customer information.”
