MGM didn't disclose the number of customers affected, but The New York Times, citing Under the Breach, a cybercrime monitoring company, said 10.6 million people had their information exposed.
In fact, Under the Breach found that several high-profile guests at MGM properties had
their email addresses, phone numbers and physical addresses exposed, including
one guest with the same name as Jack Dorsey, the CEO of Twitter (TWTR) - Get Report, the Times reported. Twitter declined to comments for the Times.
"Last summer, we discovered unauthorized access to a cloud server that
contained a limited amount of information for certain previous guests of MGM
Resorts," MGM Resorts said in a statement. "We are confident
that no financial, payment card or password data was involved in this matter."
The company told the Times that most customers affected had "phone book information" breached such as names, phone numbers and addresses. About 1,300 individuals had more sensitive data such as driver's licenses and passports exposed, MGM Resorts said.
ZDNet was the first to publish a report that detailed how the personal information of MGM Resports guests was posted on a hacking forum. MGM Resorts acknowledged the breach after the ZDNet report.
MGM Resorts said it has hired two cybersecurity companies to help investigate the data breach and to upgrade the company's security systems.
Shares of MGM Resorts fell 0.5% to $31.93 in trading Thursday.