Consumers often have to trust that corporations are going to protect their data — so what happens when that trust is broken? MGM Resorts might be about to find out following new revelations about the scale of a hack they suffered in 2019.
In February this year, months after the initial breach, the company admitted that data from more than 10 million guests had been stolen. They insisted that appropriate action was taken at the time and that those affected had been contacted.
The hack exposed names of guests, along with their phone numbers, email addresses, and dates of birth. That alone would have been bad enough, but five months later the story continues to unfold.
This month, news broke that the real number of victims may have been over 142 million. Worse still, their data is now for sale on the dark web.
MGM aren’t the only ones — they’re just the latest in a long line of corporations that let their customers down on security. In 2019, around 800 million unique email addresses and 21 million passwords were stolen and sold online.
Data breaches make headlines with alarming regularity. The fallout from such attacks can be long-lasting both for the corporation and its consumer.
Theft of this scale is usually caused by a range of factors, from malicious social engineering attacks to simple human error. The more employees a corporation has, the greater the number of potential access points for hackers to exploit.
While some malicious software is used to extort money directly from corporations, many will quietly spy on internal messages and private servers. Hackers can monitor this information from afar and use it to gain access to the valuable data they’re looking for. Malware is often unwittingly downloaded from unsecured websites, malicious advertisements, and phishing emails.
Subtle tactics like phishing continue to successfully target major corporations every year. Using social engineering techniques like pretexting, hackers pose as someone trustworthy and contact the company's employees. They'll either try to gain data directly or steal password information that will allow them to probe deeper into customer databases.
Human error contributes to around 90% of data breaches, as high standards of best practice aren’t always enforced. Many employees use weak passwords, connect to high-risk Wi-Fi hotspots, and forget to encrypt their data. As long as a corporate network’s endpoints remain unprotected, the company as a whole cannot be secured.
Once hackers have stolen customer data, they'll often sell it online to other cybercriminals. Stolen data serves a variety of purposes and often aids in further crimes.
Data exposed in incidents like the MGM breach fuels identity theft, the results of which can haunt victims for years. Financial damage, ruined credit scores, and implication in criminal activity will linger on. Once someone’s social security number and credit card details are out in the open, it’s hard to regain control of that information.
Consumers will often entrust huge amounts of sensitive data to corporations, assuming that they enforce rigorous security protocols behind the scenes. When companies let their customers down, it can destroy trust and tarnish reputations. The only winners here are the criminals.
With corporations like MGM still struggling to stay ahead of cybercriminals, consumers should take whatever steps they can to protect their own data and guard against the effects of a potential breach. Here are three simple ways for anyone to lower the risks of data breaches in 2020:
For MGM, the road to regaining customer confidence may be a long one. Businesses and consumers should now take the necessary actions to ensure that their data stays secure.
For more cybersecurity news, subscribe to the NordVPN newsletter below!