MGM Resorts International has reached a preliminary agreement to settle for $45 million over claims tied to data breaches that occurred in 2019 and 2023, as per information released by a federal court. These incidents compromised the sensitive data of millions, drawing legal challenges that have now resulted in a hefty settlement for the resort operator. This data breach exposed various personal details of MGM customers including driver's license numbers, passport numbers, and residential addresses.
In the 2023 attack, MGM suffered a ransomware attack that managed to temporarily shut down their essential systems. This not only affected hotel room access but also took gaming machines offline for several days. The settlement, which a U.S. District Court of Nevada preliminarily approved, merged two class-action lawsuits that were separately filed over the two incidents. In a turn of events, the hotel and entertainment sector has proven to be an increasingly popular target for cybercriminals, and MGM wasn't the sole victim; Caesars Entertainment, Inc. also faced a similar fate in 2023, as Douglas J. McNamara of Cohen Milstein, Co-Lead Interim Class Counsel, highlighted in a statement obtained by FOX5.
The breached information, containing private data such as phone numbers, addresses, and social security numbers, eventually surfaced for sale online, alerting authorities to the severity of the privacy invasion. In response to the lawsuit, plaintiffs accused MGM Resorts of failing to establish and maintain adequate data security measures which could have mitigated or prevented the breaches. As part of the settlement, individuals who had their social security or military identification number compromised are entitled to a $75 cash compensation, while those with exposed passport numbers or driver’s licenses can claim $50, according to CDC Gaming Reports.
Adding to the compensation, all class members in the lawsuit are given the option to avail themselves of identity theft protection and credit monitoring services. This serves to further protect the affected customers from potential financial and personal harm following the disclosure of their private information. CDC Gaming Reports noted the preliminary settlement approval, laying out the groundwork for affected individuals to start claiming their due redress. In an effort to provide a comprehensive response to the incident, MGM Resorts has been approached for a statement, though details of their perspective on the settlement were not immediately available.
