MGM Resorts Cyberattack Lawsuit $45M Settlement Gets Initial Approval


Las Vegas-based casino giant MGM Resorts International recently got a preliminary nod on its $45 million offer to settle a class action lawsuit over past data breaches. 

The Nevada District Court approved the multimillion offer from the largest U.S. gambling operator on January 22, although media reports only emerged this week on the matter.

The data breaches occurred in 2019 and 2023. In the former, hackers gained access to some 37 million MGM customer records. Although no financial data was exposed, personal identification information was. That included names, email addresses, telephone numbers and dates of birth. 

The 2023 incident saw a hacking group lock MGM out of basically its entire company-wide computer network for 10 days while demanding a ransom. The operator refused to pay up, and it lost an estimated $100 million while cybersecurity experts worked to regain control of the system. 

An existing class action lawsuit over the 2019 breach was converted into joint litigation with those who saw data exposed to hackers in the 2023 attack. If given full approval later this year, as expected, more than a million affected MGM customers will receive an estimated $25 to $75 each. 

The Settlement 

The payouts to those exposed are on a sliding scale. For those who lost personal data, $25 to $75 will be available – depending on exactly what information was lost. If anyone can prove they were the victim of identity theft or other fraud linked to the breaches, they could be entitled to up to $15,000. 

“On behalf of millions of MGM Resort customers, I’m very pleased with this settlement,” said Douglas McNamara of law firm Cohen Milstein, who represented the plaintiffs. “The hotel and entertainment industries are particularly desirable targets for hackers. The same hackers also attacked Caesars Entertainment Inc. in 2023.”

MGM’s Data Breaches 

The perpetrators of the 2023 incident that cost MGM $100 million were found to be a hacking group called Scattered Spider. Last year, five suspects were arrested in police raids across the U.S. and UK, before later being named and charged by authorities. 

Scattered Spider was also implicated in a similar ransomware attack against another Las Vegas-based casino operator weeks before the 2023 attack, although no one has yet been charged in connection.

In that case, Caesars Entertainment reportedly paid up the ransom to the attackers to get its system back. It is currently facing its own lawsuits over that decision. 

As for MGM, recent events may have strengthened its hand in its case against further scrutiny over the data breaches. 

Federal Trade Commission (FTC) Chair Lina Khan was intent on pursuing MGM over its data protection policies, as she personally experienced the fallout from the cyberattack. She happened to be checking in to the MGM Grand Las Vegas on the first day of the 2023 incident. 

However, Khan’s tenure will soon be coming to an end. The return of President Donald Trump led many, including us, to predict the Joe Biden appointee’s days as the FTC head could be numbered. And, sure enough, Reuters revealed last week that Khan had sent a memo informing staff of her imminent resignation plans.

© Copyright 2024 - VegasLuck.com