MGM has confirmed that a data breach occurred and customers that transacted with them prior to 2019 may have had the following data stolen:
name
contact information
gender, date of birth
driver’s license number
social security numbers
passport numbers
They state that passport and social security numbers were stolen from a smaller subset of customers but given that don’t state the total size of the breach and the SSN/passports numbers stolen this is impossible to verify. The whole statement from MGM reads poorly stating that it was their swift response that resulted in more data not being stolen when likely this was because that data was encrypted/better protected.
Until the penalties for data breaches are increased they will continue to happen at an alarming rate. In fact MGM resorts last suffered a data breach in 2019 (reported in 2020) where 10.4 million customers were impacted.