MGM Resorts Used ‘Incredibly Vulnerable’ Server Say Guests in 2019 Data Breach Class Action

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

MGM Resorts Data Breach Class Action Lawsuit Overview 

• Who: MGM Resorts and class action plaintiffs battled in litigation concerning a 2019 data breach that allegedly exposed the personal information of 10.6 million guests.  
• Why: MGM Resorts argued the class action should be dismissed while plaintiffs pointed out that the casino and hotel company failed to delete sensitive information and instead aggregated it onto a cloud server.  
• Where: The class action lawsuit is pending in Nevada federal court.  

MGM Resorts and guests who say their personal information was exposed in a 2019 data breach exchanged motions in a class action lawsuit accusing the hotel and casino chain of negligence when it came to cyber security.  

In July 2019, MGM’s computer network system was reportedly accessed by an unauthorized individual who downloaded sensitive customer data. The MGM data breach was identified by the hotel chain soon after, and, in early September, the company notified the affected customers of the breach. However, MGM reassured these customers that there was no evidence that the data exposed in the breach had been misused or shared with other third-parties. 

Unfortunately, in February 2020, an internet forum revealed that personal information associated with more than 10.6 million MGM guests, including customer names and addresses, phone numbers, emails, dates of birth, driver’s license numbers, passport numbers, and military identification numbers, had been posted online. 

MGM Resorts Argues No Harm Caused by Data Breach

MGM Resorts urged the Nevada court to toss the class action lawsuit in a motion calling the plaintiffs’ claims of harm “nonexistent, theoretical, and non-cognizable.” The casino and hotel chain asserted that the alleged harms, such as spam emails and lost time viewing credit reports, were not directly attributable to the MGM data breach.  

The plaintiffs shot back in court documents accusing MGM Resorts of not only using an “incredibly vulnerable” cloud server, but also choosing to “aggregate information for as many as 200 million individuals.”  

The plaintiffs also took issue with how MGM Resorts characterized the harm they allegedly suffered from exposure in the 2019 data breach. 

“The stolen [personal information (PII)] has been posted to the dark web, misuse of the PII has occurred on a wide scale, and several plaintiffs have incurred out-of-pocket costs,” says the plaintiffs’ opposition to dismissal.  

Top Class Actions will continue to monitor the MGM data breach class action lawsuit for developments.  

Were you affected by the MGM Resort data breach? Tell us about it in the comment section below! 

The plaintiffs are represented by Don Springmeyer of Kemp Jones LLP, Miles N. Clark and Matthew I. Knepper of Knepper & Clark LLC; E. Michelle Drake, Michael Dell’Angelo, Jon Lambiras and Reginald Streater of Berger Montague PC; Douglas J. McNamara, Andrew N. Friedman, Geoffrey A. Graber and Paul Stephan of Cohen Milstein Sellers & Toll PLLC; David M. Berger of Gibbs Law Group LLP; and John A. Yanchunis, Jean S. Martin and Marcio Valladares of Morgan & Morgan Complex Litigation Group.  

The MGM Resort Data Breach Class Action Lawsuit is In re: MGM Resorts International Data Breach Litigation, Case No. 2:20-cv-00376, in the U.S. District Court for the District of Nevada. 

Read About More Class Action Lawsuits & Class Action Settlements:

• MGM Personal Information Theft: Were You Affected?
• MGM Data Breach Exposes Personal Information of 10M Customers
• Beaumont Health Data Breach Class Action Settlement
• Scripps Health Hit With Another Class Action for Data Breach Affecting 147K Patients