MGM Resorts Settles Major Data Breach Lawsuit for $45 Million

MGM Resorts International has agreed to a substantial $45 million settlement following two significant data breaches that compromised the personal information of millions of its customers. These breaches, which occurred in July 2019 and September 2023, led to the theft of sensitive data such as addresses, social security numbers, driver’s license numbers, passport details, phone numbers, and email addresses. The class action lawsuit alleged that MGM Resorts had failed to implement adequate data security measures, leaving their systems vulnerable to hackers.

Details of the settlement and financial compensation:

The court has granted preliminary approval for the global settlement, which will offer financial compensation to those affected by the breaches. According to Fox 5 Las Vegas, plaintiffs who had their social security or military identification numbers exposed will be eligible for a $75 cash payment. Those whose passport or driver’s license numbers were compromised will receive $50. In addition to the financial relief, all class members will have the option to receive identity theft protection and credit monitoring services to help mitigate the long-term impacts of the breach.

Douglas J. McNamara, one of the Co-Lead Interim Class Counsel, expressed satisfaction with the settlement, “On behalf of millions of MGM Resort customers, I’m very pleased with this settlement.” He also highlighted the vulnerability of the hotel and entertainment sectors to cyberattacks, noting that these industries are prime targets for hackers. McNamara pointed out that the same group of hackers also attacked Caesars Entertainment in 2023, further underscoring the scale of the threat facing the hospitality and entertainment industries.

According to Wall Street Journal, the data breaches at MGM Resorts resulted in the exposure of highly sensitive personally identifiable information (PII), much of which was later found to be circulating on various online forums. The plaintiffs in the class action alleged that the company’s failure to adopt reasonable security protocols allowed the hackers to access and steal vast amounts of data, which in turn posed a significant risk to the affected individuals.

MGM Resorts, a major player in the hospitality and entertainment industries, operates well-known properties like the Bellagio, Mandalay Bay, and MGM Grand. The company’s failure to prevent the breaches raised concerns about the adequacy of its cybersecurity measures, which ultimately led to the class action lawsuit.

Efforts to address the growing cybersecurity threat:

The settlement is part of ongoing efforts to address the increasing prevalence of cyberattacks on large organizations, particularly in industries that handle vast amounts of personal data. As cybercriminals continue to target high-profile companies like MGM Resorts and Caesars Entertainment, there has been mounting pressure on businesses to implement stronger data protection measures to safeguard customer information.

The lawsuit and subsequent settlement serve as a reminder of the risks faced by consumers in an increasingly digital world, where personal data is regularly targeted by cybercriminals. The settlement’s provisions for identity theft protection and credit monitoring reflect the growing importance of post-breach support for affected individuals.

The case, titled In re MGM Resorts International Data Breach Litigation, has been led by a team of prominent attorneys, including Douglas J. McNamara of Cohen Milstein, John A. Yanchunis of Morgan & Morgan, and David M. Berger of Gibbs Law Group. These attorneys, along with others, have been instrumental in securing the settlement for millions of affected customers. Their leadership has been essential in ensuring that victims of the breaches receive the financial compensation and security protections they deserve.

In addition to the 2019 breach, the settlement also addresses the 2023 data breach, which had similar impacts on MGM customers. The company is expected to continue facing scrutiny over its cybersecurity practices, with the settlement serving as a partial resolution to the legal actions initiated by the affected individuals.