Personal information from more than 10 million people who stayed at MGM Resorts was posted to a hacking forum earlier this week, NBC News reported.
According to the network, no financial data was posted, but full names, birthdates, addresses, email addresses and phone numbers were exposed.
MGM in a statement said that last summer “unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts” was found.
“We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws,” a spokesperson for the company told NBC News, which noted that the posting of hacked information was first reported by ZDNet on Wednesday.
MGM didn’t say which of its properties were affected, adding that it hired two cybersecurity forensics firms to help conduct an internal investigation into the matter.
However, NBC News contacted a man listed in the breach with a Secret Service email address who said that the MGM never contacted him about the breach.
The posting also reportedly contained the information of high-profile people, such as entertainer Justin Bieber and Twitter CEO Jack Dorsey.
Also included was the information of Stephen Paddock, the man who killed 58 people when he opened fire from the 32nd floor of the Mandalay Bay Resort into crowds at a music festival on Oct. 1, 2017.
MGM said that it has “strengthened and enhanced the security of our network to prevent this from happening again.”