MGM Resorts to Pay $45 Million in Data Breach Lawsuit Settlement

A class action lawsuit against the legendary Las Vegas gaming operator MGM Resorts International could soon be resolved as a federal court approved a preliminary settlement of $45 million. The settlement follows two significant data breaches that compromised sensitive customer information.

According to the lawsuit filed in the U.S. District Court of Nevada, the resort operator's systems were compromised in July 2019, resulting in the theft of sensitive data like clients' social security numbers, addresses, and passport numbers. An attack reoccurred in September 2023, disabling MGM's key and gaming systems for several days, causing about $100 million in losses.

Settlement Nitty Gritty

Following the ransomware attack of 2023, 14 class action lawsuits were brought against MGM Resorts and later consolidated with the 2019 suit. The settlement will allow class members to collect up to $15,000 through Document Loss Cash Payment claim forms for losses including:

• Unrefunded losses linked to fraud and identity theft
• Credit freezing or unfreezing costs
• Professional fees associated with credit repair services, such as attorney and accountant fees
• Credit monitoring fees accrued on or after the data compromise

The settlement will also provide Tier Cash Payment depending on the kind of data exposed. Plaintiffs whose social security or military identification number was exposed will receive a $75 flat cash payment. Those whose driver's license or passport number was exposed will get $50. All settlement class members will also access identity theft protection and credit monitoring services courtesy of MGM.

A Show of Accountability

The settlement marks a significant step in regulators holding large corporations accountable for insufficient data security measures. Co-Lead Interim Class Counsel and Cohen Milstein partner Douglas J. McNamara conveyed satisfaction in MGM taking legal and financial accountability, stating, "On behalf of millions of MGM Resorts customers, I'm very pleased with this settlement."

The lawsuit had notable legal representation beyond Cohen Milsten with leadership team members from prominent law firms, including Berger Montague and Hausfeld, underscoring the importance of the case.

Why The Lawsuit Matters

MGM Resorts' data breaches spotlight the growing cyberattack risks facing the hospitality industry, which stores vast amounts of personal data. This lawsuit's outcome ensures financial compensation to victims and challenges corporations to implement data protection protocols to prevent future compromises.