According to an article at ZDNet, personal information from over 10.6 million MGM Resorts guests was posted on a hacking forum this week. ZDNet was able to confirm the information, which included names, addresses, phone numbers, and birthdays, was for people who had been guests at various MGM Resorts. MGM Resorts confirmed that they experienced a breach last summer and gave proper notification in accordance with state law. Not surprisingly, this looks like the first time that breach is in the mainstream media. While they claim no financial information or passwords were included, that doesn’t mean this information is not useful to hackers who had. If you got a notification from MGM Resorts about the breach, now is a good time to take stock of your data–check your credit report, make sure your passwords are secure in a password manager, etc. Time will tell whether this breach has wider implications.
Time for a US Data Protection Agency?
Head over to TechCrunch and check out this article by Zach Whittaker (a good follow on Twitter, by the way). It details Senator Kirsten Gillibrand’s new bill called the Data Protection Act that would “create and meaningfully enforce” data protection at a federal level. This is just the latest in a series of different bills presented in Congress trying to bring a more cohesive regulation framework to privacy and data security in the US (as noted in this article at the National Law Review). To date, none of the proposed federal regulations have gotten enough traction to be passed into law, but don’t worry–it’s coming. With the states leading the way with things like CCPA and the Nevada Privacy Law, businesses are starting to be affected by the varying laws. And even though privacy is not quite the lawless wild west that the Senator makes it out to be, the inconsistent laws from state to state help make the case for some federal regulation. I wouldn’t be surprised if we see more developments on this front throughout the year.