April 9, 2021 – Investigation Closed, Lawsuit Moves Forward
Thank you to everyone who helped contribute to this investigation. Attorneys working with ClassAction.org no longer need to hear from individuals who had their information exposed as part of the MGM data breach. This is because they’ve received enough information to take legal action against MGM. At this point, a consolidated class action complaint has been filed and is making its way through the court system.
The information below was posted when the investigation began and remains for reference only. Check out our open investigations here or find out why you generally don’t need to do anything to “join” a class action lawsuit.
At A Glance
This Alert Affects:
Anyone who received a notice that their information may have been compromised as part of a 2019 data breach of MGM Resorts International’s computer network. The breach affected people who stayed at MGM hotels prior to December 31, 2017.
If you are not sure if you are one of the individuals affected by this data breach, you may call MGM’s breach hotline at 833-959-1344 to ask if your personal information was included in the breach.
What’s Going On?
Multiple class action lawsuits have been filed alleging that MGM Resorts International failed to take proper steps to protect guests’ personal information. Now, attorneys working with ClassAction.org need to hear from additional MGM Resorts customers to help strengthen their case.
How a Class Action Lawsuit Could Help
A class action could provide MGM guests with free credit monitoring and money for time spent mitigating the effects of the data breach. Guests could also be reimbursed for credit monitoring, credit freezes and other expenses incurred as a result of the breach.
If you received a letter (a sample is available here) from MGM Resorts International stating that your information may have been exposed as part of a 2019 data breach or you stayed at an MGM hotel prior to December 31, 2017, attorneys working with ClassAction.org want to hear from you.
They’ve already sued MGM Resorts over the breach, but need to speak to additional guests to help strengthen their case.
Failed to take reasonable steps to make sure its computer systems were protected against hackers
Failed to properly monitor its network and detect the breach in a timely manner
Waited two months following the breach to notify customers
Failed to implement cybersecurity best practices for hospitality companies
As a result of MGM Resorts’ actions – or lack thereof – guests are now at a “heightened and imminent risk of fraud and identity theft,” the lawsuit says.
The case claims that MGM Resorts’ guests must now spend both time and money to closely monitor their bank accounts, credit cards and credit reports for fraudulent activity.
Further, the suit says, guests would not have paid as much as they did for their hotel stays – or would not have stayed at all – had they known MGM Resorts failed to implement proper data security measures.
How a Lawsuit Could Help
If the case is successful, guests may be able to recover:
Money for time spent dealing with the effects of the data breach
Free credit monitoring beyond what’s already being offered by MGM
Reimbursement of costs paid for credit freezes, credit reports, credit monitoring, identity protection services and other expenses related to mitigating the effects of the data breach
MGM Resorts could also be ordered by the court to make certain improvements to its data security systems.
MGM Data Breach: What Happened?
On July 7, 2019, a hacker reportedly gained access to MGM’s computer network – and the personal information of more than 10 million guests.
This information may have included:
E-mail addresses and phone numbers
Dates of birth
Drivers’ license numbers
Military identification numbers
The lawsuit claims that in mid-February 2020, the stolen information of “all 10.6 million MGM guests” was posted on the dark web.
Although the breach took place in early July 2019, MGM did not alert its customers to the intrusion until September of the same year.
Which MGM Hotel Brands Were Affected?
The breach is believed to have affected MGM hotel brands including:
New York-New York
Signature at MGM Grand
MGM Grand Detroit (Detroit, Michigan)
Beau Rivage (Biloxi, Mississippi)
Gold Strike Tunica (Tunica, Mississippi)
Borgata (Atlantic City, New Jersey)
MGM National Harbor (Prince George’s County, Maryland)