MGM Resorts to pay $45 million in data breach settlement

January 28, 2025

MGM Resorts to pay $45 million in data breach settlement

MGM Resorts International has agreed to pay $45 million as part of a settlement related to two major data breaches in 2019 and 2023. The company is facing a class action lawsuit over its handling of customer data. The lawsuit claimed that the company failed to protect its customers’ personal information, resulting in two major data breaches that affected tens of millions of people who stayed at MGM hotels or used their services.

Details of cybersecurity incidents

The suit alleges a class action regarding two major hacking attacks at MGM: the July 2019 data breach, which exposed social security numbers, home addresses, and contact information of over a million customers, and the September 2023 breach, which released additional customer data. Both events highlight significant weaknesses in MGM’s cybersecurity systems, thus compromising the security of over a million customers.

The lawsuit claimed MGM Resorts failed to implement adequate security practices to protect its customers’ data. The plaintiffs argued that such breaches could have been prevented had appropriate safeguards been exercised. They were represented by Cohen Milstein Sellers & Toll PLLC, one of the leading law firms in the country, through which they sought justice and fair compensation.

Details of the settlement

The preliminary approval of a $45 million class settlement has been requested by the federal court to bring relief to the victims of the data breaches. Among the specific compensations included in the agreement are: $75 for those whose military ID or social security number was compromised; $50 for those affected through the driver’s licence or passport breach; and other benefits, such as identity-theft protection and credit-monitoring services, for all class members. This settlement represents MGM’s effort to address the harm caused and rebuild customer trust.

Cohen Milstein explained: “The settlement includes significant financial relief for impacted plaintiffs. In addition, all settlement class members may elect identity theft protection and credit monitoring,” the law firm wrote.

MGM Resorts’ response

MGM Resorts has modified its approach to cybersecurity in light of the data breaches. The company has announced plans to bolster its cybersecurity framework, stating that it is committed to preventing future incidents with investments in advanced security technologies and practices.

Douglas J. McNamara, a partner at Cohen Milstein, expressed satisfaction over the approval of the settlement, acknowledging the gaming industry’s challenges in controlling cyber threats and underscoring the need for accountability.

McNamara said, “On behalf of millions of MGM Resort customers, I’m very pleased with this settlement. The hotel and entertainment industries are particularly desirable targets for hackers. The same hackers also attacked Caesars Entertainment, Inc. in 2023.”

The gaming and hospitality industries deal with sensitive customer information on a large scale, making them prime targets for hackers. Much of the personal and financial information is stored across various systems, thus increasing the chances of breaches. MGM Resorts is not an exception to this challenge. Caesars Entertainment was also a victim of a cyberattack that was allegedly carried out by the same group that targeted MGM.