MGM Data Breach Lawsuit Settles for $45M

In a significant development in data breach news, MGM’s casino data breach lawsuit concludes with a staggering $45 million settlement. This agreement addresses two major security incidents that affected approximately 37 million people worldwide, including a 2019 breach exposing sensitive customer data and the MGM data breach 2023 ransomware attack that paralyzed key systems.

The impact of these cyberattacks was far-reaching, with world casino customers' personal data of up to 200 million guests being compromised through December 31, 2017. The exposed data included sensitive information stolen such as driver's license numbers, passport information, customer addresses, and dates of birth. Additionally, the 2023 ransomware attack alone cost MGM approximately $100 million, highlighting the massive scale of this cybersecurity incident that we're now seeing resolved through this class action settlement.

MGM Data Breach Settlement Details

The U.S. District Court of Nevada has granted preliminary approval for the consolidated class-action lawsuit settlement. The legal action combines two separate data breach incidents that occurred at MGM properties, including the BetMGM data breach lawsuit.

The first breach, occurring in July 2019, involved unauthorized access to MGM's computer network system. Subsequently, the hacker downloaded and posted customer data compromised on a closed internet forum, potentially leading to dark web data sale. Moreover, a second breach in September 2023 involved a ransomware attack that disabled key systems, affecting gaming machines and hotel room access.

The $45 million settlement addresses the concerns of an estimated 37 million people affected by both attacks. Furthermore, the lawsuit alleges that MGM's inadequate data security practices led to these breaches. The MGM Resorts breach in 2023 particularly impacted MGM's operations, shutting down several major Las Vegas Strip casinos during peak summer season.

According to court documents, the breaches exposed various types of sensitive information:

• Driver's license numbers

• Passport numbers

• Customer addresses

• Social Security numbers

• Military identification numbers

The financial impact on MGM has been substantial, with the 2023 attack alone resulting in damages of approximately $100 million. However, the company's October 2023 SEC filing indicates that insurance coverage is expected to handle these costs. The settlement agreement primarily focuses on compensating affected customers while ensuring data security improvements moving forward.

Customer Compensation Structure

The compensation structure for affected MGM customers offers multiple tiers of financial relief based on the type of personal information exposed. This tiered compensation approach ensures fair distribution of the $45 million settlement. Primarily, individuals whose social security numbers or military identification numbers were compromised qualify for a $75 cash payment. Consequently, those who had their passport numbers or driver's licenses exposed are eligible for a $50 payment.

For those wondering about the MGM settlement per person, it's important to note that the amount varies based on the type of data exposed. Beyond direct cash compensation, the settlement provides comprehensive identity protection measures. Notably, all class members, regardless of the type of information exposed, can receive identity theft protection and credit monitoring services. These services aim to safeguard against potential future misuse of compromised data and mitigate identity theft risk.

The settlement structure includes several reimbursement options:

• Compensation for actual identity theft losses

• Reimbursement of out-of-pocket costs like credit monitoring fees

• Payment for time spent addressing breach-related issues ($20 per hour for up to five hours)

• Extended credit monitoring and identity theft insurance

Therefore, the total settlement value of $45 million essentially creates a safety net for the estimated 37 million individuals affected by both cyber incidents. The settlement terms reflect the scale and severity of the data breaches, which resulted in substantial operational disruptions and financial losses for MGM Resorts International.

For those interested in how to join the MGM class action lawsuit, affected customers will receive notifications with instructions on how to claim their share of the settlement. It's crucial for potential claimants to review these notifications carefully and follow the provided guidelines to ensure they receive the compensation they're entitled to.

This story will be updated as more information becomes available.