The availability of such a massive number of records at no cost to any cybercriminal interested is a recipe for countless phishing campaigns using the data itself as a means of establishing scam credibility.
If you received a medical bill that had your birthdate, phone number, and name mentioned in it, you’d at very least give it a moment of your time to determine what the bill is, whether you owe it, etc. And you probably wouldn’t think that it was a scam, but – at worst – a mistake, right?
That’s exactly the kind of opportunity scammers now have with the release of 142 Million MGM Resorts customer records, according to VPNMentor. The records include:
- First and Last Name
- Mailing Address
- Phone Number (most likely a mobile number)
- Email Address
- Date of Birth
This information could be used for phishing, SMiShing, and Vishing scams intent on using the compromised personal data to gain the trust of a potential victim in order to trick them into giving up banking and credit card details, credentials, and more.
And given the actual breach occurred two years ago, people whose information is contained in the breached data aren’t expecting such attacks.
This is one of the reasons we so adamantly advocate for continual Security Awareness Training – your users always need to have their guard up, always vigilant and scrutinizing any and all unexpected communications, assuming them to be false until proven otherwise.