MGM Resorts hack exposes details of 10.6 million guests
One of Las Vegas’s biggest hotel chains has been hacked, exposing the personal data of millions of individuals.
MGM Resorts was hit by cybercriminals, first reported by ZDNet, who lifted personal and contact details for 10.6 million hotel guests, including celebrities, employees and government officials. Among the information taken was full names, home addresses, phone numbers, emails and dates of birth.
Financial information does not appear to have been stolen in the attack.
MGM Resorts has more than 20 hotels worldwide, but its biggest concentration is in Vegas, where it owns 13, including the Bellagio, Mandalay Bay, Aria, Vdara and the Mirage.
While sizable, the breach pales in comparison to the 2018 breach of Marriott, which exposed data of up to 500 million guests.
The information was posted to a hacking forum Monday. It’s unclear which hotels were affected by the attack though one news outlet who scanned the names noticed that information about Stephen Paddock, the man who opened fire from the Mandalay Bay Resort on Oct. 1, 2017, killing 58 people, was included in the data dump.
MGM, in a statement to Fortune, said it discovered unauthorized access to a cloud server last summer.
Worried you’re a possible victim of the MGM Resorts hack? Here are a few precautionary steps to take:
Monitor your financial accounts
Even though MGM says financial records weren’t accessed, it’s best to be safe. Check your accounts for fraudulent activity. Most Americans don’t keep close tabs on their checking and saving balance and don’t examine every item on their credit card bill – and hackers count on that.
Set up credit monitoring
Identity theft is the big threat here and you want to be sure no one is using your personal information. It’s also not a bad idea to sign up for a credit monitoring service, such as Equifax’s TrustedID Premier (though Equifax had a notable data breach of its own in 2017) or CreditKarma.
If you’re especially worried, consider a credit freeze, which prevents new credit from being issued without your direct permission.
“Your best protection against someone opening new credit accounts in your name is the security freeze (also known as the credit freeze), not the often-offered, under-achieving credit monitoring,” notes the U.S. Public Interest Research Group.
Change your passwords—again
Yes, it’s a pain, but it’s a critical step, especially if you’re using the same password on multiple sites.
More must-read stories from Fortune:
—How Apple defied the odds to post the biggest quarterly profit ever
—Oracle and Google are about to face off in tech’s trial of the century
—Can San Francisco be saved?
—Did the ‘techlash’ kill Alphabet’s city of the future?
—Predicting the biggest tech headlines of 2020
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.