A federal court has granted preliminary approval for a $45 million global settlement in a class action lawsuit against MGM Resorts International. The lawsuit stems from two major data breaches in July 2019 and September 2023, which exposed the personal information of tens of millions of MGM hotel guests and customers.
Plaintiffs alleged that MGM failed to implement adequate data security measures, leading to the theft of sensitive information, including social security numbers, passport numbers, and other personally identifiable information (PII).
The settlement provides financial compensation for affected individuals, including cash payments of up to $75 and access to identity theft protection and credit monitoring services. This legal resolution shows the ongoing vulnerability of the hospitality industry to cyberattacks, with hackers targeting MGM Resorts and other major companies like Caesars Entertainment.
Why It Matters: The MGM Resorts data breaches highlight the growing risks of cyberattacks in the hospitality sector, where vast amounts of personal data are stored. With millions of individuals impacted globally, this settlement not only provides financial relief to victims but also raises the bar for corporate responsibility in data protection. The case may also influence how companies invest in cybersecurity to prevent future breaches.
- Two Major Data Breaches Exposed Millions: MGM Resorts suffered breaches in 2019 and 2023, compromising PII such as social security numbers, driver’s license numbers, passport details, and contact information. Some of this data was found for sale on online forums.
- Financial Relief for Class Members: Impacted individuals whose social security or military IDs were exposed are eligible for $75, while those with exposed passport or driver’s license details can claim $50. Identity theft protection and credit monitoring are available for all affected.
- Hospitality Industry as a Target: The settlement shows the increasing vulnerability of industries like hospitality and entertainment, with hackers frequently targeting such companies due to the volume of sensitive data they manage.
- Legal and Financial Accountability: The $45 million settlement marks a significant step in holding MGM Resorts accountable for insufficient data security practices. This case joins others, such as the Caesars Entertainment litigation, in addressing cyber risks.
- Notable Legal Representation: The lawsuit was handled by a leadership team of prominent law firms, including Cohen Milstein, Berger Montague, and Hausfeld, emphasizing the scale and importance of the case.
MGM Resorts to pay $45 million in data breach settlement – MSN