LAS VEGAS – MGM Resorts International is close to resolving a class action lawsuit stemming from data breaches in 2019 and 2023 with a $45 million preliminary settlement recently approved by a federal judge.
These breaches exposed the personal information of millions of guests, sparking multiple lawsuits that were later consolidated into a single case.
How Did the Breaches Happen?
The first major breach in July 2019 affected approximately 37 million customers, compromising sensitive personal data.
In 2023, cybercriminals successfully infiltrated MGM’s network by impersonating an IT administrator. This attack exposed even more customer information, including:
✅ Names, addresses, and phone numbers
✅ Email addresses and dates of birth
✅ Driver’s license and passport details
✅ Military ID numbers
✅ Social Security numbers (for some customers)
The second breach led to an additional 14 lawsuits, which were merged with the ongoing 2019 case
What Compensation Is Available?
Under the proposed $45 million settlement, eligible customers can file claims for:
💰 Documented Loss Cash Payments – Up to $15,000 for fraud-related expenses, including:
- Identity theft damages
- Attorney and credit repair fees
- Costs for freezing/unfreezing credit
- Credit monitoring expenses
💰 Tier Cash Payments – Flat-rate payouts based on the type of personal data compromised:
- $50 if your driver’s license or passport was exposed
- $75 if your Social Security or military ID number was leaked
🛡 Identity Theft Protection – Affected customers can also request one year of free credit monitoring and fraud detection services.
How to File a Claim: Within 30 days of the settlement’s preliminary approval, eligible customers will receive an email or postcard with instructions on how to submit a claim. The notice will also include the claim deadline, details about the final approval hearing, and a link to the settlement website.
Attorney Weighs In on the Settlement
Douglas J. McNamara, an attorney representing plaintiffs, welcomed the deal, saying:
“Cybercriminals continue to target the hotel and entertainment industry, making customer data vulnerable. This settlement is an important step toward accountability.”
McNamara also referenced a separate cyberattack on Caesars Entertainment in 2023, carried out by a hacking group known as “Scattered Spider.”
Caesars Entertainment Data Breach: What Happened?
In 2023, cybercriminals breached Caesars Entertainment’s network by targeting an IT vendor. This attack compromised six terabytes of Caesars’ customer data, affecting over 65 million loyalty program members.
Hackers demanded a $30 million ransom, and Caesars reportedly paid $15 million to regain control of their system.
Customers allege that Caesars failed to properly secure their data and did not inform customers in a timely manner. Although Caesars mentioned the attack in a September 14 SEC filing, critics argue the company did not reveal the full extent of the breach.
Caesars’ legal team has moved to dismiss the lawsuit, claiming plaintiffs have not demonstrated tangible harm from the breach.
FAQ: What You Need to Know About the MGM Data Breach Settlement
1. Who is eligible for a payout?
Anyone whose personal data was compromised in the 2019 or 2023 MGM Resorts data breaches is eligible to file a claim.
2. How much money can I get?
Payouts range from $50 to $15,000, depending on the type of information exposed and any financial losses suffered.
3. How do I file a claim?
If you are eligible, you will receive an email or mailed postcard with instructions. Claims can be submitted online through the settlement website.
4. When will payments be issued?
Payments will be distributed after the final court approval, which is expected in the coming months.
5. Is this related to the Caesars data breach?
No, but both breaches were carried out by cybercriminal groups targeting major hospitality companies. The Caesars case is still ongoing.
6. Will MGM improve its security?
MGM has not released a statement yet, but cybersecurity experts urge companies to enhance data protection measures to prevent future attacks.
Final Thoughts
The MGM data breaches highlight the growing threat of cyberattacks on major corporations. While the $45 million settlement offers some relief to affected customers, it also raises concerns about how companies handle personal data.
MGM Resorts has yet to issue an official statement regarding the settlement, while Caesars Entertainment continues to face legal battles over its own security failures.
For those impacted, filing a claim as soon as possible is the best way to seek compensation.