News of the massive MGM data breach is yet another example of hackers successfully hitting the travel and tourism industry, and the fallout of this one is monumental.
First reported by ZDNet, it’s understood that the attack took place last summer, and that some of the former guests affected by the cyberattack have been notified. It’s understood that at least 10.6 million guests have been affected by the attack, although MGM has also admitted that there could be more.
This breach follows a string of infamous attacks involving the tourism industry in the last few years. The first GDPR Group Litigation Order (GLO) in England and Wales is for the 2018 British Airways data breaches, and both Marriott and Cathay Pacific have also been hit with attacks in recent years.
About the MGM data breach
The MGM data breach involves the information for at least 10.6 million former guests, but the number of victims could be more.
Information exposed in the attack has been described as like a “phonebook” of data, with financial details said to have not been affected.
Data exposed may include:
- Names;
- Postal addresses;
- Email addresses;
- Passport numbers.
All victims whose information has been exposed should be informed about what has happened. However, as the incident took place last year, it may be that the damage has already been done for some. It’s also understood that the number of victims whose passport information has been exposed may be minimal.
Risks to victims
Even a small amount of information in the wrong hands can put victims at risk of crime, and with the incident taking place last year, some people may already have been targeted.
Information exposed in the MGM data breach could be enough on its own for people to fall victim to scams and further hacks. According to the Twitter feed for data breach resource site, Have I Been Pwned, a staggering 82% of the email addresses in this breach were already in their lists. This shows how dangerous it is when people re-use the same credentials, as scammers can piece together data from multiple breaches to cause harm to victims.
No breach of information should be taken lightly. Victims of this attack should take immediate steps to try and ensure that they will not suffer further.
Another tourism data breach
The MGM data breach is yet another incident to have hit the travel and tourism industry. It follows other recent big ones that involve British Airways, Marriott and Cathay Pacific.
In the BA Group Action, our firm has been appointed to the Steering Committee that’s responsible for the overall conduct of the litigation. We’re representing a large group of victims for legal cases on a No Win, No Fee basis, and we’ve seen first-hand how victims have been affected.
Victims have been targeted by scammers, with some experiencing fraudulent transactions on accounts – both bank accounts and on loyalty accounts. Not only is this kind of financial loss claimable, but victims can also be entitled to compensation for the distress caused by the loss of control of personal information as well. This can be exacerbated when money is stolen.