Data leak

MGM Resorts 2019 Data Breach — 10.6 Million Guests, Dark Web Dump 2020

📅 2019-07-01 🏢 MGM Resorts cloud server (guest data)

Incident Details

In July 2019, an attacker accessed a cloud server at MGM Resorts International and extracted personal data for approximately 10.6 million hotel guests. The breach went undetected until February 2020, when ZDNet reported that data for 10.6 million former MGM hotel guests was being shared on a hacking forum. The hacking forum post contained the data divided across multiple files.

The disclosed data included names, home addresses, phone numbers, emails, and dates of birth for a wide range of guests including government officials, celebrities, tech CEOs, and reporters. Guests whose data was exposed included Twitter CEO Jack Dorsey, Nevada Governor Steve Sisolak, German state officials, and employees of major tech firms. MGM confirmed the breach but characterised it as limited in scope. MGM offered no credit monitoring for affected guests.

The irony was significant: this 2019 breach of MGM’s guest data preceded by four years the much larger and more devastating 2023 MGM Scattered Spider ransomware attack, suggesting MGM had a persistent vulnerability in protecting guest data. Note: this is separate from the massive September 2023 Scattered Spider/ALPHV ransomware attack against MGM which caused $100M+ in losses.

Technical Details

Initial Attack Vector
An unauthorized attacker gained access to a cloud server used by MGM Resorts and extracted guest data. MGM had stored the data on a cloud server that was accessible without proper authentication controls. The breach was not discovered until ZDNet reporter Catalin Cimpanu was alerted to the data being circulated on a hacking forum.
Vendor / Product
MGM Resorts cloud server (guest data)

Timeline

  1. 2019-07-01 Breach occurred
  2. 2020-02-19 Publicly disclosed
  3. 2020-02-19 Customers notified