A South Dakota law that went on the books less than two years ago is being utilized to notify residents who are part of a massive data breach in Las Vegas

South Dakota law 22-40-20, which went into effect in July of 2018, requires that companies that have been hacked notify any South Dakota residents impacted 'no later than sixty days from the discovery or notification of the breach unless a longer period of time is required due to the legitimate needs of law enforcement'.

In this instance, ZDnet is reporting that last summer MGM Resorts International had a data breach that included the personal details of more than 10.6 million former hotel guests. The story says some guests’ driver's license and passport information were stolen from a cloud server.

In a follow-up story, the Las Vegas Review-Journal said that about 52,000 people were notified and they say that many of those were from South Dakota, who were alerted thanks to the new law.

An MGM spokesperson said the company is confident no financial, payment or password data was involved, and the majority of the data taken included information like names and phone numbers.

Experts recommend that anyone impacted by the hack change security passwords and passcodes and notifies their banks to be on the lookout for any suspicious activity in their accounts.