MGM Resorts International and Caesars Entertainment, two of the hugest names in the Las Vegas casino industry, have found themselves embroiled in multiple federal class action lawsuits after experiencing cyberattacks that reportedly compromised customer data.
Court documents reveal that four lawsuits were initiated last Thursday, with two targeting each of the casino giants. Another lawsuit was filed against Caesars on Friday, and a sixth similar case was brought against both defendants in a New Jersey district court on 18 September.
Confidentiality compromised
At the heart of all these legal actions are data breaches. Plaintiffs assert that “unauthorized individuals” managed to infiltrate the resorts’ network systems, gaining access to the Personal Identifiable Information (PII) of resort customers.
One of the complaints, filed by Emily Kirwan against MGM Resorts, disclosed that the cyberattackers claimed to have exfiltrated a substantial six terabytes of data. This data reportedly includes the PII of the plaintiff and other class members, all taken from the defendant’s network.
The filing also pointed out that the defendant was aware of its vulnerability to such attacks, as its IT vendor, Okta, had warned of a “consistent pattern of social engineering attacks against IT service desk personnel.
Class members claim security measures not adequate
According to the lawsuits, the injuries suffered by the plaintiff and class members were directly linked to the defendant’s failure to establish or maintain adequate data security measures. Once PII is stolen, the fraudulent use of that information can lead to lasting damage for the victims, extending over several years.
The lawsuits also referenced the potential financial value of the stolen data, with criminals reportedly willing to pay significant sums for such information. The plaintiffs cited invasion of privacy and theft of personal information as real injuries. Furthermore, they expressed that the data breach had caused them “fear, anxiety, and stress,” further exacerbated by the defendant’s failure to provide comprehensive details about the data breach.
Companies were allegedly negligent
All six lawsuits against MGM Resorts and Caesars Entertainment allege negligence and breach of implied contract. The five complaints filed in Nevada additionally include counts of unjust enrichment. The plaintiffs are seeking monetary relief in various forms, including actual damages, statutory damages, punitive damages, and restitution.
As of now, MGM Resorts International has refrained from providing any comments regarding these legal filings. The situation continues to unfold as both companies navigate the legal challenges stemming from these cyberattacks.
Operation risk framwork
In the case if large enterprises such as these casino flagship establishments, establishing a robust operational risk framework is paramount for safeguarding against the growing menace of cyberattacks. This framework plays a pivotal role in the broader spectrum of enterprise risk management. It ensures that an organization’s cyber resilience framework aligns seamlessly with its overarching operational risk management strategy.
This alignment is not merely a procedural formality but a strategic imperative that are part of a due diligence process. Large enterprises usually recognize that common elements in policies, procedures and controls are instrumental in mitigating various risks, including cyber threats. As well as anability to detect, prevent cyberattack, the framework lays out guidelines for responding to cyberattacks effectively, fortifying the enterprise’s resilience in an ever-evolving digital space.
Related topics:
Stop Press: SiGMA CURAÇAO, held in association with the Ministry of Finance, is taking place from 25 -28 September.
A national controversy – no end in sight for Okada Manila
