Cloud Breach At MGM

By

What happens in Vegas stays in Vegas. Or so we thought. If you have stayed at the Luxor, Aria, Bellagio, MGM Grand, Mandalay Bay or any of the other MGM Resort properties, chances are you could be one of the 10.6 million customers involved in the worst cybersecurity breaches the hospitality industry has ever seen. This massive data breach was made back in the summer of 2019 but news of the breach was just released this week by ZDNet.

Gambling With Mediocre Cybersecurity And the Dark Web

Details of the breach were published on the Dark Web in a hacker’s forum and discovered by a security researcher and ZDNet who first published the news. On February 20th. Many people don’t know about the Dark Web, but for those

What information Was Stolen From the MGM Resorts Cloud?

MGM Resorts have reassured the public that no financial data, credit cards, or passwords were involved in the breach. Any guest that was impacted or potentially impacted were ‘promptly notified’. However, this is another blow against security for the parent company of Mandalay Bay who is still recovering from their stained reputation after the Route 91 Harvest Festival massacre in 2017. Security on all fronts- including cybersecurity- is the backbone to keep any business’ reputation standing strong.

It is a small relief that financial data wasn’t stolen, but cybersecurity hackers can still be creative with what was leaked. Former guests’ full names, home addresses, phone numbers, emails, and dates of birth lay the foundations for more creative tactics like spear phishing. Spear phishing is a more disturbing attack involving SMS swapping. SMS swapping uses cell phones and interprets cell phone conversations. Everything you say is then used to produce attacks at specific locations and corporate offices. This information seems far less critical than the exposure of gusts financial data, but spear-phishing can be just as damaging.

Who Was Affected by the MGM Cybersecurity Breach?

Unfortunately, basic data storage doesn’t recognize celebrity status, military clearance, or high-level executives. Even Justin Bieber and Twitter CEO Jack Dorsey were among the list of victims in this data breach. Even more alarming to the safety of our overall national security was all the names exposed who were US military and government officials, and high-level executives at technology companies.

Hotel chains have become more of a target over the years because many believe they are a target for Chinese espionage. Think about it: every high-end hotel chain will likely have information on anyone who is an executive. Luxury properties will have data collected from frequently traveling executives with high-security clearances, who manage companies in industries that overseas developers would love to get their hands on to keep a competitive edge.

If your business stores any type of information that could expose information to hackers, you absolutely need to have a Managed Security Service Provider (MSSP) assess the risks of your current business practices as well as come up with the proper defense to protect your company’s information assets. Maintaining excellent cyber-hygiene is more and more of a necessity so that you don’t unknowingly expose your company’s vulnerability to hackers.

 MGM Resorts Cybersecurity Post Breach Clean-Up

Not having proper security measures in place will end up costing even more should your company fall victim to a cyber-attack. MGM hired two cybersecurity firms to forensically assist with their internal investigation once the hack had been discovered. No doubt this investigation came with the implementation of strengthening their security protocols across all of their IT related networks, devices, and storage in an effort to ensure this never happens again, as well as keeping an ongoing relationship with an MSSP. Having an internal IT support team is simply not enough to keep up with the demands of the creative tactics hackers are using to breach the security of American enterprises.

Are Internal IT Support Staff Worth the Gamble?

Security breaches from external cyberattacks are always headlining the news because it’s a new form of terrorism- cyber terrorism. As the American economy becomes more global, it’s thriving success becomes a hot target to get a slice of the exponential growth of our wealth, advances in technology, trade secrets, and security. But many of the security breaches we don’t see in the news come from within the company. If your Los Angeles based business stores critical from client relationships, projects, or transactions- you need to have the most advanced team of technology experts in your corner to manage both internal and external cybersecurity risks 24/7.

Be Structured Technology Group is a full-service Managed Security Service Provider based in Los Angeles, CA. If the beach of the MGM Cloud has you questioning if your cloud storage is secure, read more about it here. If you would love to contact us or get more information about both public and private cloud services we provide, click here.


Recent Posts / View All Posts

Presenting in Skype for Business

We Can Help You Establish Your Cyber Security Audit Checklist Before It’s Too Late

| No Comments
We all know by now that IT security needs to be taken seriously and be an ongoing priority for all firms.  While no company or individual can be 100% protected from cybersecurity threats, you can implement security best practices within a Cyber Security Audit Checklist which significantly reduces the risk of you becoming a victim of hackers …
Presenting in Skype for Business

Technology In The Super Bowl

| No Comments
Technology in the Super Bowl With the Superbowl over and all of us fans reminiscing the highlights of play and the low lights of this year’s stint of commercials, tech played a huge part in every fan’s NFL experience. The Superbowl is not only the most celebrated day in American sports, but the NFL continues …
Presenting in Skype for Business

Managed IT Services Arlington Virginia - What Is Layered Security?

| No Comments
Why is Layered Security Important? As the name implies, Layered Security involved multiple layers of authentification to reach critical information systems. In the traditional model of overall security, only one layer of defense has been commonly used.  This is most associated with that of legacy systems, especially that with of the Critical Infrastructure, which includes …