June 17, 2024 3 min read


Fact-checked by Velimir Velichkov

MGM Resorts Dealing with New Class Action Lawsuit

MGM Resorts is facing another class action lawsuit concerning the data breach hacking incident that took place last September

In September 2023, the S&P 500 global gaming and entertainment company featuring national and international locations that create “immersive, iconic experiences,” MGM Resorts, was hit by an unprecedented cybersecurity attack across several US states that prompted the shutdown of computer systems

Now, MGM Resorts is facing a class action lawsuit alleging a series of failures regarding the safeguarding of guests’ data related to the same September incident.

Claims of Irreparable Harm Done to MGM Loyal Members

The lawsuit was filed by personal injury law firm THE702FIRM Injury Attorneys, claiming that the personal information that was accessed and viewed by BlackCat hackers caused irreparable damage to the MGM loyalty program’s members.

The group of hackers compromised MGM Resort’s systems, seizing customers’ names, genders, dates of birth, contact information, driver’s license numbers, and even a limited number of passport and social security numbers.

This automatically triggered a massive number of outages at several properties. 

The ordeal ended up costing the company a $100 million hit to its EBITDA in the third quarter.

The lawsuit claims the company’s “carelessness, negligence, and lack of oversight and supervision” were responsible for causing its customers to “lose all sense of privacy.”

The class action lawsuit also claims that besides the “emotional devastation of having such personal information fall into the wrong hands,” plaintiffs and class members will also be forced to take additional security measures to lower the risk of identity theft, including the purchase of lifetime subscriptions to software that offers monitoring and protection against identity theft.

The lawsuit also used the argument that the plaintiff’s class member’s rights were disregarded by MGM’s “negligent and reckless” failure to employ the correct data protection measures and reveal that it did not have the right information security controls to secure the information that could identify their guests.

The suit is asking for compensatory damages, along with the reimbursement of out-of-pocket costs, attorney’s fees, and injunctive relief.

Three Other Class Action Lawsuits on the Same Breach 

The fresh lawsuit is not the only one faced by the company concerning the September incident.

MGM is defending against at least three other similar class action lawsuits.

One of them was filed in February on behalf of Kemp Jones LLP and it alleged negligence tied to the breach that made the identity theft possible.

MGM is also dealing with a Federal Trade Commission probe into the same hacking incident, currently challenged in court.

The 2019 Security Incident 

In 2019, the operator disclosed that, on July 7 of the same year, “an individual accessed MGM Resorts International’s computer network system without permission,” downloaded partial customer data, and sold the data on the dark web.

The breach, which involved the sensitive personal data of as many as 200 million guests who had stayed at an MGM property through around December 31, 2017, led to a class action lawsuit against the company. 

Similarly, in December 2023 we announced that Rivers Casino Des Plaines in Illinois was facing a proposed class-action lawsuit as a result of a cyberattack in August which ended up exposing the personal information of thousands. 

After finishing her master's in publishing and writing, Melanie began her career as an online editor for a large gaming blog and has now transitioned over towards the iGaming industry. She helps to ensure that our news pieces are written to the highest standard possible under the guidance of senior management.

Leave a Reply

Your email address will not be published. Required fields are marked *