MGM Resorts Cyberattack Case Advances with $45M Settlement

MGM Resorts Cyberattack Case Advances with $45M Settlement

MGM Resorts International, the leading gaming, hospitality and entertainment company that operates recognizable properties such as MGM Grand, the Bellagio and Mandalay Bay, reached an important milestone in a class action lawsuit it was facing following cybersecurity incidents.

$45M Global Settlement Secures Preliminary Approval

Cohen Milstein Sellers & Toll PLLC, a recognizable premium law firm in the United States, which represents MGM Resorts in the class action lawsuit against the company stemming from cyberattacks from 2023 and 2019, announced Friday that federal court granted preliminary approval of a global settlement on the case.

The granted preliminary approval of a $45 million global settlement seeks to resolve the class action lawsuit. Allegations against MGM Resorts suggest the company failed to “implement reasonable data security practices,” resulting in a data leak of tens of millions of customers and hotel guests after two cyberattacks, one dating back to July 2019 and another one from September 2023.

Cohen Milstein explained: “The settlement includes significant financial relief for impacted plaintiffs.” Per the law firm, members of the class action lawsuit, whose military identification number of social security number leaked are entitled to a $75 cash payment. On the other hand, customers whose driver’s license or passport information was affected by the data breach are eligible for a $50 compensation. “In addition, all settlement class members may elect identity theft protection and credit monitoring,” the law firm wrote.

Gaming and Entertainment Industries Are Often Targeted by Cyberattacks

The class action lawsuit claimed MGM Resorts didn’t implement adequate data security practices to protect the data of its customers. Information that leaked during the two cyber incidents included social security numbers, passport numbers, driver’s license numbers, as well as dates of birth, addresses, phone numbers and email addresses, among other sensitive private data.

Last month, a person suspected of being a part of Scattered Spider, a hacker group that is believed to have orchestrated the cyberattack against MGM Resorts, as well as Caesars Entertainment, was arrested. While media reports speculated that the latter company paid a requested ransom, MGM Resorts disagreed.

“On behalf of millions of MGM Resort customers, I’m very pleased with this settlement.“
Douglas J. McNamara, co-lead interim class counsel and a partner at Cohen Milstein

Douglas J. McNamara, a partner and co-lead interim class counsel at Cohen Milstein, revealed that it is exciting to see the class action lawsuit receive preliminary approval for a global settlement. He spoke about the entertainment and gaming sectors, recognizing they are “particularly desirable targets for hackers.” Finally, McNamara mentioned that MGM Resorts isn’t the only company affected by the same hacker group, adding that Caesars was also affected by a cybersecurity incident.