U.S. casino operator MGM Resorts International said on Thursday it was the victim of a data breach last year after an earlier report claimed that details of over 10.6 million hotel guests had been compromised.

“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts”, a company spokesman said.

No financial, payment card or password data was involved in the incident and the guests affected were notified, the statement said.

The majority of information exposed related to the names of guests and their phone numbers, the spokesman added, without confirming the exact number of guests affected.

ZDNet reported late on Wednesday that the personal details of more than 10.6 million guests who stayed at MGM Resorts hotels were published on a hacking forum this week.

The company said on Thursday it had retained two cybersecurity forensic firms to assist in an internal probe.