Update:
- A Nevada federal judge preliminarily approved a $45 million MGM Resorts International settlement resolving claims it failed to protect the customer information during data breaches in 2019 and 2023.
- The MGM settlement would end dozens of consolidated lawsuits filed after the data breach incidents.
- U.S. District Judge Gloria M. Navarro determined the settlement would provide “outstanding benefits” for class members, including cash payments and financial account monitoring.
- Prior to the 2023 incident, MGM attempted to have the claims involving the 2019 data breach thrown out.
- The global hospitality company unsuccessfully argued the customers did not suffer any compensable damages and thus could not claim the company negligently exposed their personal information.
(March 9, 2022)
Plaintiff John Smallman filed a data breach class action lawsuit against MGM Resorts International on Feb. 21, 2020 after he claims that his personal data was accessed through the hotel’s computer network system by hackers.
In July 2019, MGM’s computer network system was reportedly accessed by an unauthorized individual who downloaded sensitive customer data. The data breach was identified by MGM soon after, and, in early September, the company notified the affected customers of the breach. However, MGM reassured these customers that there was no evidence that the data exposed in the breach had been misused or shared with other third-parties.
Unfortunately, in February 2020, an online internet forum revealed that personal information associated with more than 10.6 million MGM guests had been posted online. This potentially personally identifiable information included customer names and addresses, phone numbers, emails, dates of birth, driver’s license numbers, passport numbers, and military identification numbers.
According to Smallman, the MGM data breach was caused by failure and negligence on the part of MGM to protect consumer privacy and ensure that adequate cybersecurity measures were in place. Additionally, Smallman claims that because of the breach, he and other MGM customers will now be required to spend significant time and money on efforts to protect themselves from the potential negative effects of having their data exposed.
Smallman claims to have stayed at MGM resorts multiple times over the past ten years and has given sensitive personal information to the company, including his driver’s license and payment card. According to the plaintiff, if he had known that the MGM’s systems were susceptible to being breached, he would not have entrusted the company with his information. Although the MGM has offered Smallman and other affected consumers a year of free credit monitoring services, the affected customers are pursuing additional damages for the breach of personal information.
Potential effects of data breaches
There are many potential negative effects that may occur due to the MGM data breach. These negative effects may include identity or financial theft, targeted scam attempts including phishing, or blackmail. Another possible side effect is SIM swapping, where a hacker convinces a person’s cell phone carrier to switch their phone number over to a SIM card owned by the hacker. By doing this, thieves are able to gain access to someone’s mobile identity and use it to gain access to other online or financial accounts. As many people link their phone numbers to their personal accounts, thieves may be able to impersonate individuals and steal their mobile or online identity.
MGM is not the only hospitality company hit with major data breaches. The Marriot data breach reportedly exposed personal information, including passport numbers, of many.
If you have stayed at an MGM resort or hotel before July 2019, your personal information may have been exposed in the data breach. Hiring an experienced attorney to review your case may be the first step towards joining a class action lawsuit and pursuing compensation for this invasion of privacy.
The MGM Data Breach Class Action Lawsuit is Smallman v. MGM Resorts International, Case No: 2:20-cv-00376, filed in the United States District Court for the District of Nevada.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
213 thoughts on$45M MGM settlement resolves data breach class actions
Add me it is on my credit report my information was stolen