MGM Resorts Hit with Lawsuit Over Data Breach

April 23, 2020

Contact Us

Comments |

At A Glance

This Alert Affects:
Anyone who received a notice that their information may have been compromised as part of a 2019 data breach of MGM Resorts International’s computer network. The breach affected people who stayed at MGM hotels prior to December 31, 2017.

If you are not sure if you are one of the individuals affected by this data breach, you may call MGM’s breach hotline at 833-959-1344 to ask if your personal information was included in the breach.
What’s Going On?
Multiple class action lawsuits have been filed alleging that MGM Resorts International failed to take proper steps to protect guests’ personal information. Now, attorneys working with ClassAction.org need to hear from additional MGM Resorts customers to help strengthen their case.
What You Can Do
If you received a letter from MGM about the data breach or stayed at an MGM hotel prior to December 31, 2017, fill out the form on this page. One of the attorneys handling this investigation may then reach out to you directly.
How a Class Action Lawsuit Could Help
A class action could provide MGM guests with free credit monitoring and money for time spent mitigating the effects of the data breach. Guests could also be reimbursed for credit monitoring, credit freezes and other expenses incurred as a result of the breach.

If you received a letter (a sample is available here) from MGM Resorts International stating that your information may have been exposed as part of a 2019 data breach or you stayed at an MGM hotel prior to December 31, 2017, attorneys working with ClassAction.org want to hear from you.

They’ve already sued MGM Resorts over the breach, but need to speak to additional guests to help strengthen their case.

To get in touch, fill out the form on this page. One of the attorneys working with ClassAction.org may then reach out to you directly. He or she will gather more information from you on how you were affected and explain why you may be owed money for credit monitoring and other expenses incurred as a result of the breach.

What Does the Lawsuit Say Exactly?

The proposed class action lawsuit claims MGM Resorts:

  • Failed to take reasonable steps to make sure its computer systems were protected against hackers
  • Failed to properly monitor its network and detect the breach in a timely manner
  • Waited two months following the breach to notify customers
  • Failed to implement cybersecurity best practices for hospitality companies
  • Misrepresented in its privacy policy that it had the proper security measures in place to keep guests’ personal information safe

As a result of MGM Resorts’ actions – or lack thereof – guests are now at a “heightened and imminent risk of fraud and identity theft,” the lawsuit says.

The case claims that MGM Resorts’ guests must now spend both time and money to closely monitor their bank accounts, credit cards and credit reports for fraudulent activity.

Further, the suit says, guests would not have paid as much as they did for their hotel stays – or would not have stayed at all – had they known MGM Resorts failed to implement proper data security measures.

How a Lawsuit Could Help

If the case is successful, guests may be able to recover:

  • Money for time spent dealing with the effects of the data breach
  • Free credit monitoring beyond what’s already being offered by MGM
  • Reimbursement of costs paid for credit freezes, credit reports, credit monitoring, identity protection services and other expenses related to mitigating the effects of the data breach

MGM Resorts could also be ordered by the court to make certain improvements to its data security systems.

MGM Data Breach: What Happened?

On July 7, 2019, a hacker reportedly gained access to MGM’s computer network – and the personal information of more than 10 million guests.

This information may have included:

  • Names
  • Addresses
  • E-mail addresses and phone numbers
  • Dates of birth
  • Passport numbers
  • Drivers’ license numbers
  • Military identification numbers

The lawsuit claims that in mid-February 2020, the stolen information of “all 10.6 million MGM guests” was posted on the dark web.

Although the breach took place in early July 2019, MGM did not alert its customers to the intrusion until September of the same year.

Which MGM Hotel Brands Were Affected?

The breach is believed to have affected MGM hotel brands including:

  • MGM Grand
  • Aria
  • Bellagio
  • Circus Circus
  • Excalibur
  • Luxor
  • Mandalay Bay
  • The Mirage
  • New York-New York
  • Park MGM
  • Signature at MGM Grand
  • MGM Grand Detroit (Detroit, Michigan)
  • Beau Rivage (Biloxi, Mississippi)
  • Gold Strike Tunica (Tunica, Mississippi)
  • Borgata (Atlantic City, New Jersey)
  • MGM National Harbor (Prince George’s County, Maryland)
  • MGM Springfield (Springfield, Massachusetts)

    • What You Can Do 

    If you received a letter saying that your information was compromised as part of the MGM Resorts data breach or you stayed at an MGM hotel prior to December 31, 2017, fill out the form on this page.

    You may be able to help strengthen the case against MGM and recover compensation for credit monitoring, credit freezes and other expenses incurred as a result of the breach. It costs nothing to get in touch or to speak to one of the attorneys we work with about your rights.

Before commenting, please review our comment policy.

The information submitted on this page will be forwarded to Berger Montague who has sponsored this investigation.

Contact Us