MGM's Hefty Settlement Over Data Breaches
MGM Resorts Compelled to Settle $45 Million Lawsuit following Two Severe Data Breaches, as Decided by a Federal Court.
After a federal court preliminary approval, MGM Resorts International is to shell out a whopping $45 million in a class-action lawsuit due to two significant data breaches. The court's final confirmation is scheduled for June. Concurrently, the FTC might conduct an investigation into the casino company.
In July 2019, a hacker infiltrated MGM's systems, swiping sensitive customer information like home addresses, passport numbers, and more. Another setback struck in September 2023, as the company fell victim to a ransomware attack, causing disruptions to its Las Vegas properties and about a $100 million loss. About 37 million customer records are believed to have been compromised during these incidents.
The lawsuit alleges inadequate data security measures by MGM, leading to these breaches. The compensation paid to plaintiffs will be contingent on the extent of their compromised data. For instance, if a hacker nabbed military identification numbers or Social Security numbers, the individual can claim $75. The maximum payout stands at $15,000 per person. Notably, the legal team could pocket up to $13.5 million of the total settlement amount.
Settlement Breakdown
- Source of the Settlement: The settlement results from two cyberattacks on MGM Resorts in 2019 and 2023, exposing personal information like full names, emails, phone numbers, addresses, birthdates, and sensitive data such as passport numbers, driver's licenses, and Social Security numbers.
- Settlement Fund: The total settlement fund amounts to $45 million, aimed at compensating individuals whose data were compromised.
- Eligibility: Eligibility extends to individuals whose personal information was at risk during the 2019 or 2023 breaches, usually individuals who stayed at MGM Resorts hotels or casinos and received an official notification.
- Maximum Payout: The maximum payout per individual is up to $15,000, while most claimants are estimated to receive up to $75.
- Claim Submission Deadline: Claims must be filed online or by mail by June 3, 2025.
- Exclude or Object Deadline: Those wishing to exclude themselves or object to the settlement have until May 19, 2025.
- Final Approval Hearing: The court will hold a final approval hearing on June 18, 2025.
Claim Process
- Visit the Settlement Website: Log onto the official settlement website at www.mgmdatasettlement.com to access claim forms and further details.
- Submit Claim Form: Fill out the claim form and submit it by the deadline of June 3, 2025.
- Claim Review: The settlement administrator will review claims based on the extent of data breaches and other factors.
In light of these incidents, experts recommend reducing the sharing of personal information, particularly sensitive data like Social Security numbers, which are often unnecessary for routine transactions.
- The cyberattack on MGM Resorts in 2019 and 2023 resulted in the exposure of data-and-cloud-computing sensitive information, including full names, email addresses, phone numbers, and social security numbers.
- In an attempt to alleviate the consequences of these incidents, a settlement fund of $45 million has been established, with a maximum payout of $15,000 per individual and most claimants receiving up to $75.
- To claim compensation, individuals should visit the settlement website, fill out the claim form, and submit it by June 3, 2025, while experts advise minimizing the sharing of sensitive information like Social Security numbers in casino-and-gambling environments such as Las Vegas casinos, as they can be particularly vulnerable to cyberattacks and data breaches, contributing to casino-culture concerns.
