The United States District Court for the District of Nevada gave preliminary approval for a $45 million settlement in a class action lawsuit against MGM Resorts International (NYSE: MGM) related to the September 2023 cyberattack that briefly incapacitated the casino operator.
The lawsuit also features allegations from plaintiffs whose private information was breached in a cyber incident that affected the gaming company in July 2019. Plaintiffs’ counsel claimed that MGM was negligent in its cybersecurity measures, exposing customers’ personal information during the two cyber incidents.
"The settlement includes significant financial relief for impacted plaintiffs. Class members whose social security number or military identification number were exposed are eligible for a $75 cash payment and those whose passport number or driver’s license were exposed are eligible for a $50 payment,” according to Cohen Milstein Sellers & Toll PLLC, the firm that handled the case. “In addition, all settlement class members may elect identity theft protection and credit monitoring.”
There might have been validity to the assertion that MGM's cybersecurity measures were insufficiently robust. BitSight, a firm specializing in cybersecurity ratings and analytics, assigned an “F” cybersecurity grade to the gaming company before the hack in September 2023.
The September 2023 breach, carried out by a hacking group called “Scattered Spider,” marked another instance of MGM being targeted in a cyberattack.
In February 2020, it was disclosed that hackers had stolen sensitive information of 10.6 million MGM customers, including several celebrities, from the company's database in 2019 and subsequently sold that data for profit on the dark web. In December 2022, BetMGM, which is 50% owned by MGM, disclosed a data breach thought to have happened in May 2022.
“The hotel and entertainment industries are particularly desirable targets for hackers,” said Douglas McNamara, co-lead interim class counsel and partner at Cohen Milstein.
He is also a co-lead class counsel in a similar class action lawsuit against Caesars Entertainment (NASDAQ: CZR), which was also targeted by Scattered Spider in 2023. Reports indicated that Caesars paid the hacking group up to $30 million to back off — a tactic not used by MGM. The Bellagio adhered to FBI guidelines by refusing to compensate the hackers, yet it incurred $100 million in losses along with $10 million in one-time expenses linked to the breach.
A filing from the United States District Court for the District of Nevada reveals that victims of the dual ransomware assaults on MGM will be classified into three levels, with cash payouts varying between $20 and $75.
In certain severe instances, victims may qualify for compensation of up to $15,000 if they can provide evidence of being victims of identity theft, associated legal expenses, and costs for credit repair, among other items.
“All Settlement Class Members may submit a Claim Form for a Documented Loss Cash Payment for up to $15,000.00 per Settlement Class Member upon presentment of documented losses fairly traceable to either Data Incident and attest under penalty of perjury to incurring documented losses, supported by reasonable documentation,” according to the court filing.
Each and every review is helpful. You can learn from even unfavorable reviews because they shed light on the overall gaming experience. Good reviews are concise and give enough details to prevent prospective players from having to make assumptions about the experience. We want to ensure that it is as error-free as possible and that it provides comments and suggestions without disparaging the company.
Our team of experts has examined and tested every website that made the short list. Find out more to see which are the best online casinos for you!
We make sure to list the most important benefits and disadvantages.
We research FAQ so that you don't have to.
We put the most important information for you in our reviews.