MGM Resorts to Pay $45M to Settle Data Breach Lawsuit

January 29, 2025

MGM Resorts International has agreed to a $45 million to resolve a class action lawsuit over its data breaches in 2019 and 2023.

Preliminary approval of the settlement was granted by a federal judge, according to documents filed Jan. 22 in U.S. District Court for the District of Nevada.

The private information – including home addresses, Social Security numbers, passports, emails, dates of birth, and driver’s licenses of tens of millions of customers – were accessed in the cyberattacks.

The cyberattacks are thought to be the work of the so-called Scattered Spider hacker community that are suspected of breaking into dozens of U.S. companies. They also broke into the network of Caesar Entertainment. Five of its alleged members were arrested last November.

Related:

The settlement covers payments to class members, attorneys fees, and administration costs. According to court documents, class members may submit evidence of a loss of up to $15,000. The class may also get a payment based on a tiered system. Class members whose social security number or military identification number were exposed are eligible for a $75 cash payment; those whose passport number or driver’s license were exposed are eligible for a $50 payment. Identity theft protection and credit monitoring are also available.

The consolidated case is In re MGM Resorts International Data Breach Litigation, No. 2:20-cv-00376, U.S. District Court, District of Nevada.

Topics Lawsuits Cyber

Was this article valuable?

Here are more articles you may enjoy.