With the advancements in technology taking a giant leap to reshape the hotel industry; cybercrimes, too, are gaining momentum. It wasn’t a long time back when a European hospitality chain suffered a massive data breach impacting 6,00,000 hotels worldwide. Similarly, 700,000 records of Choice Hotels were reportedly stolen, and hackers demanded a hefty ransom. Best Western International Inc. also fell prey to a similar cyberattack incident when its hotel reservations system named “Autoclerk” was exposed online due to misconfigured cloud storage hence leaking the private database of customers. We’ve seen multiple hotel giants experiencing data breaches, and this time, it’s MGM Grand – the American global hospitality mammoth.
MGM Grand recently confirmed a data breach that led to a massive data leak. The breach, at the renowned Vegas hotel and casino, was the result of unauthorized access to a cloud server. Soon following all the fuss, the hospitality giant claimed that the compromised guests were informed of this security lapse beforehand last year as the security breach initially took place last summer.
New breach: MGM Resorts had 10.6M records with 3.1M unique email addresses breached last year. Data also included names, phone numbers, DOBs and physical addresses. 82% of emails were already in @haveibeenpwned. Read more: https://t.co/qfLBxv6nrL
— Have I Been Pwned (@haveibeenpwned) February 20, 2020
However, this was just the tip of the iceberg. This blog will talk about what lessons businesses can learn from the MGM data breach, the measures that can prevent such data leaks from occurring in the future, and how partnering with a skilled and experienced cloud security services provider can help businesses deploy essential security measures.
Data being the “new oil” encourages cybercriminals to take a keen interest in the hospitality industry. Hotels amass a large amount of corporate data and personal information of clients, including celebrities, business people, and politicians, hence making themselves most vulnerable to falling victims to such malicious cyberattacks. The corporate contact details and corporate billing information of enterprises whose advisory staff travels frequently are always at high risk. Cybercriminals scan and shortlist corporate domains that have an abundance of consumer contact details that leads to phishing and business email compromise.
(Read More – Everything You Need To Know About Cloud-Native Security)
No matter when a breach took place, appropriate actions should be taken on time. MGM is a classic example of how data breaches can continue making businesses vulnerable for a long time. Cybercriminals can hold the hacked information for months before they dump it onto the web. MGM’s high profile data was a treasure mine of contact details of top-notch individuals, employees of big tech firms, and governments across the globe. Though financial information or passwords were not involved, the victims were at high risk of receiving spear-phishing emails and social attacks like SIM swapping and W2 scams. Cybercriminals can correlate the data with the breaches that happened in the past to identify their potential targets.
Though the severity of MGM security crises was low compared to the data breach that happened in the past. It should be kept under consideration that the leaked and hacked information gives cybercriminals easy access to data that could be used in other attacks. Irrespective of severity, a single breach can give rise to a broad spectrum of attack scenarios for cybercriminals from spear phishing to BEC and Whaling. Hotels should inform the victims to stay cautious against malicious messages, calls, emails, and change the passwords immediately. Data from multiple breaches exposed to the dark web help bad actors execute bot-driven account takeover attacks.
Data breaches are a stark reminder that consumers are right when they fear privacy. Though the impact of MGM breach was low, however, a lot worse could have happened if the hotel didn’t take remedial actions on time to deal with the security crises. A cloud security services provider can help you ensure security. Strengthen your security posture with Zymr’s robust cloud security solutions that safeguard your environment. Be a front-runner with our standardized cloud security managed services with a well-framed threat insight platform, smarter log management, and security strategy that ensure 360-degree protection.
Ready to get started? Contact our team today!