The hack on MGM Resorts that has exposed the personal details of over 10 million people may be a smokescreen for a far more sophisticated attack to get in-depth personal data on law enforcement leaders, private sector heads, key government influencers and politicians.

This is according to Sam Curry, chief security officer at Cybereason, who acknowledged that while the MGM Resorts hack was devastating for all of the 10.6 million people whose data has been published on a hacking forum, a small minority had far more severe data exposed.

He highlighted that while for the majority, personal details were restricted to names, home addresses, phone numbers, emails and dates of birth, for 1,300 individuals, data from personal IDs was also present.

“The biggest concern in the MGM disclosure is that hackers stole deeper, more sensitive data on 1,300 individuals, including information off driver’s licenses and military ID cards,” said Curry.

“While it is too early to speculate, there is the possibility the theft that appears to have impacted 11 million customers is a diversion for a specific, strategic attack to access information on influencers in government, law enforcement, politics and the public and private sector.

“That’s not to say that the larger set isn’t suffering but rather that their suffering is a callous digital ‘collateral damage’ covering the more focused and motivated compromise like an assassin throwing a grenade into a crowd on a busy street to cover their true intention.”

The data included personal and contact details not only for business and leisure travellers, but for government officials, journalists, celebrities and tech CEOs.

MGM Resorts becomes latest hotel group to suffer hack

Whether the MGM Resorts hack, which was first exposed by ZDNet, is truly a targeted attack in disguise is impossible to say for certain, but it does highlight how the hotel industry is increasingly being seen as a target of choice by cybercriminals.

“MGM Resorts isn’t the first major hotel group to fall victim to data theft, and it won’t be the last. Hotels collect highly sensitive information from their guests, including names, phone numbers, home and email addresses, and more,” said Chris DeRamus, CTO of DivvyCloud.

“As such, cyberattacks aimed at hospitality organisations are on the rise. In recent years, we’ve seen multiple hotel giants, such as Choice Hotels and Marriott’s Starwood Hotels, suffer from costly data breaches.”

Notably, even the non-financial data stolen in the attack can still cause problems for victims.

“This sort of data is a honey pot for cybercriminals. When personal information such as this is leaked it becomes very sought-after, especially when it includes contact details for a number of high profile users such as celebrities,” said Jake Moore, cybersecurity specialist at ESET.

“All the users on this list should now be concerned about the increased risk of further attacks such as targeted phishing emails, or worse still, falling victim to SIM swapping. This is when cyber criminals use social engineering to manipulate mobile network providers into porting your phone number to a new SIM. Attackers can then change two-factor authentication (2FA) codes and get into online accounts bypassing passwords.”
