It seems as though what happens in Vegas doesn’t necessarily stay in Vegas. That includes peoples’ sensitive, personal information. While MGM by all accounts has been proactive and responsive in terms of sharing the scope and impact of the breach, they acknowledge the fact that even if financial information was not intercepted, certainly, individuals’ personal data was. Regulatory mandates in many jurisdictions, mandates such as GDPR and CCPA, stipulate the due-diligence protection of private, personal data which could lead to an identified or identifiable data subject. To avoid a breach such as this one from triggering regulatory scrutiny and all the associated negative repercussions, data-centric security measures such as tokenization—which replaces sensitive data with benign and meaningless tokens—can ensure that even if sensitive data finds its way into the general public, nobody would be able to leverage that information for nefarious purposes.  Read Less