MGM Data Breach - Why Hackers Steal Seemingly Insignificant Data
The world learned last week that the information of over 10 million hotel guests at MGM Resorts was obtained by hackers. The data breach is the result of a security incident that occurred last year, but the data was being shared in hacker circles recently and discovered and verified by ZDnet.
Most of the data is limited to hotel stay info, addresses, and phone numbers dating back to 2017 and earlier.
Since Kelser is a trusted, local managed service and cybersecurity provider, FOX61 News had Kelser CTO Jonathan Stone on following the breach to discuss what hackers can do with this type of apparently harmless information.
“Not really serious personal data, but still it could give a hacker the ability to socially engineer some information out of you. Imagine getting a phone call from someone who said they were from MGM and were looking for information on your stay, or maybe they needed to update the credit card information on file. It could give people the platform to do that.” – Jonathan Stone, Kelser Corporation CTO discussing the MGM data breach on FOX61 News
Why Even Seemingly Insignificant Data Matters
While info about when you went on vacation three years ago is certainly nowhere near as damaging as, say your Social Security Number or banking information leaking, it can be used by hackers to commit more serious crimes.
Imagine how much more convincing a call or email from a scammer would be if it contained info you knew to be true—your address, and which resorts you stayed at and when. That goes a long way toward a scammer avoiding any suspicion and potentially eliciting more valuable information from you.
The bottom line in incidents like these is that if you think you might have been affected, you need to be extra vigilant when it comes to inquiries arriving to you via phone, email, or even snail mail.
Generally, companies such as MGM don’t contact customers asking for personal information, so any company making a request along those lines is potentially a red flag. It’s best to take your time and double check that the correspondence is legitimate.
For businesses, the takeaway here is that it’s important to secure all of your customer information, even if it doesn’t seem particularly valuable. If you can’t secure it or it seems daunting to do so, you could consider if you really need to keep that information on file. Hackers can’t steal what doesn’t exist.