Data breach at MGM Resorts expected to cost casino giant $100 million
apnews.com
The data breach that MGM Resorts is calling a cyberattack is expected to cost the casino giant more than $100 million.

How sensitive is a DL number? DL numbers are typically an encoding of full name, DoB, and gender. So IIUC, it’s as sensitive as that info, which as far as I can tell is not overly hard to get legitimately. A criminal with that info can derive your DL# anyway. Yet apparently DL numbers are used to identify you when opening various kinds of accounts online and it’s treated as some kind of secret magic number that only you would know. Am I missing something, or is the real problem that the DL# is being used and trusted to verify identities?

To be clear, the breach did not only grab DL №s, it was also involves:

“other personal information, including names, contact information, driver’s license numbers, Social Security numbers and passport numbers belonging to some customers who did business with MGM prior to March of 2019”

I used to be sloppy with my driver’s license, letting casinos and various businesses keep a copy of it. I decided at one point that my home address, handwritten sig, height, etc, is more sensitive than my nationality, so when ID is demanded I tend to show my passport instead of DL whenever possible. The passport shows much less info. But I wonder if I can still do better.

What if I slip the DL or passport into a sleeve that covers all fields except my name with a black box. So when the casino or whoever scans it, they only have a partial copy on record. Would that work? Does anyone do this?