MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack

Avatar

MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. 

The two sides confirmed the agreement in a Las Vegas federal court on January 21 and the final approval hearing will take place on June 18. 

In court filings with the U.S. District Court of Nevada, lawyers for the victims said more than 37 million customers of MGM Resorts International had information stolen during the cyberattack in July 2019 and the September 2023 ransomware attack. 

The July 2019 incident saw hackers steal names, addresses, passport numbers and more from MGM Casino guests while the ransomware attack gave cybercriminals access to the same type of information as well as driver’s license numbers, military ID numbers and Social Security numbers. 

The agreement culminates 14 class action lawsuits that were consolidated last year. Multiple mediations took place before an agreement was hammered out on October 31. 

The $45 million will be dispersed to victims through a tiered system based on what information a person had stolen. Those in the first tier will receive $75 while those in tier two will get $50 and tier three will see $20 payments. 

Victims can also receive more funds if they can provide documentation of further losses resulting from identity theft related to the breaches. Those who file a documented loss cash payment claim form can receive up to $15,000. 

The $45 million will also cover lawyers fees, payout administration and identity theft protection services that can be applied for. 

Following the 2019 breach, the personal information of 10.6 million users who stayed at MGM Resorts was leaked to a hacking forum.

The ransomware attack caused chaotic scenes across Las Vegas, with everything from slot machines to hotel room keys and ATMs knocked out of service for days. 

MGM Resorts International owns multiple high-profile hotels in Las Vegas, including Mandalay Bay, the Bellagio, the Cosmopolitan and the Aria. Hotels were unable to accept credit cards and guests were left scrambling to find alternative housing while staff at multiple casinos had to calculate slot machine losses and wins by hand. 

Ransomware hackers connected to the now-defunct BlackCat/Alphv gang eventually took credit for the attack. The company said in regulatory filings that it lost about $100 million throughout the incident.

The company is still facing investigations by the Federal Trade Commission over the ransomware attack.

CybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Ransomware attack kept major energy industry contractor out of some systems for 6 weeks

Next Post

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Related Posts

Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt
Avatar
Read More

AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections

A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA) leverages videos enhanced using artificial intelligence (AI) and bogus websites impersonating reputable news sources
Avatar
Read More