The personal details of more than 10.6 million guests of MGM Resorts hotels have reportedly been hacked and posted on an internet forum.
High-profile figures including Justin Bieber and Twitter founder Jack Dorsey were among those affected, technology news website ZDNet reported.
Names, addresses, phone numbers and email addresses were posted to a hacking forum this week. About 1,300 former guests were reportedly told information such as their passport numbers had also been exposed.
Catalin Cimpanu, the reporter behind the story, wrote on Twitter that the information published was leaked in July 2019, a month before customers were notified of the breach.
MGM Resorts said it was “confident” no financial information had been exposed.
A spokesman for the company said: “Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
“We are confident that no financial, payment card or password data was involved in this matter.
“MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws.”
ZDNet said it had verified the authenticity of the data by working with a security researcher at data breach monitoring service Under the Breach.
Most states do not require companies to tell customers if data which is already public has been exposed during a hack.
MGM Resorts, which has hotels across the country, attracts thousands to guests to its Las Vegas resort for casino and sporting events.
It is not the largest hacking of the hotel industry. In 2017, Chinese-state sponsored hackers exposed the data of 500 million guests of the Marriott International hotel group.