MGM Resorts Hit with Lawsuit Over Data Breach

Last Updated on February 3, 2025

Investigation Complete

Attorneys working with ClassAction.org have finished their investigation into this matter. Check back for any potential updates. You can also sign up for our free newsletter for the latest in class action news and settlements.

If you still have questions about your rights, contact an attorney in your area as there is a time limit for filing all lawsuits. The information on this page was posted when the investigation began and is now for reference only.

Free Consumer Tools:

View List of Lawsuits

→

Comments |

Case Update

February 3, 2025 - $45M MGM Settlement Wraps Up Data Breach Class Action Lawsuit: MGM Resorts International has agreed to pay a $45 million settlement to resolve class action lawsuits filed over data breaches experienced by the hospitality and gaming giant in July 2019 and September 2023.

Learn more about the $45 million MGM settlement.

Don’t miss out on class action settlement news like this. Sign up for ClassAction.org’s free weekly newsletter.
April 9, 2021 – Investigation Closed, Lawsuit Moves Forward: Thank you to everyone who helped contribute to this investigation. Attorneys working with ClassAction.org no longer need to hear from individuals who had their information exposed as part of the MGM data breach. This is because they’ve received enough information to take legal action against MGM. At this point, a consolidated class action complaint has been filed and is making its way through the court system.

Check back to this page for updates on the case or sign up for our newsletter for the latest.

The information below was posted when the investigation began and remains for reference only. Check out our open investigations here or find out why you generally don’t need to do anything to “join” a class action lawsuit.

At A Glance

This Alert Affects:: Anyone who received a notice that their information may have been compromised as part of a 2019 data breach of MGM Resorts International’s computer network. The breach affected people who stayed at MGM hotels prior to December 31, 2017.

If you are not sure if you are one of the individuals affected by this data breach, you may call MGM’s breach hotline at 833-959-1344 to ask if your personal information was included in the breach.
What’s Going On?: Multiple class action lawsuits have been filed alleging that MGM Resorts International failed to take proper steps to protect guests’ personal information. Now, attorneys working with ClassAction.org need to hear from additional MGM Resorts customers to help strengthen their case.
How a Class Action Lawsuit Could Help: A class action could provide MGM guests with free credit monitoring and money for time spent mitigating the effects of the data breach. Guests could also be reimbursed for credit monitoring, credit freezes and other expenses incurred as a result of the breach.

If you received a letter (a sample is available here) from MGM Resorts International stating that your information may have been exposed as part of a 2019 data breach or you stayed at an MGM hotel prior to December 31, 2017, attorneys working with ClassAction.org want to hear from you.

They’ve already sued MGM Resorts over the breach, but need to speak to additional guests to help strengthen their case.

What Does the Lawsuit Say Exactly?

The proposed class action lawsuit claims MGM Resorts:

Failed to take reasonable steps to make sure its computer systems were protected against hackers
Failed to properly monitor its network and detect the breach in a timely manner
Waited two months following the breach to notify customers
Failed to implement cybersecurity best practices for hospitality companies
Misrepresented in its privacy policy that it had the proper security measures in place to keep guests’ personal information safe

As a result of MGM Resorts’ actions – or lack thereof – guests are now at a “heightened and imminent risk of fraud and identity theft,” the lawsuit says.

The case claims that MGM Resorts’ guests must now spend both time and money to closely monitor their bank accounts, credit cards and credit reports for fraudulent activity.

Further, the suit says, guests would not have paid as much as they did for their hotel stays – or would not have stayed at all – had they known MGM Resorts failed to implement proper data security measures.

How a Lawsuit Could Help

If the case is successful, guests may be able to recover:

Money for time spent dealing with the effects of the data breach
Free credit monitoring beyond what’s already being offered by MGM
Reimbursement of costs paid for credit freezes, credit reports, credit monitoring, identity protection services and other expenses related to mitigating the effects of the data breach

MGM Resorts could also be ordered by the court to make certain improvements to its data security systems.

MGM Data Breach: What Happened?

On July 7, 2019, a hacker reportedly gained access to MGM’s computer network – and the personal information of more than 10 million guests.

This information may have included:

Names
Addresses
E-mail addresses and phone numbers
Dates of birth
Passport numbers
Drivers’ license numbers
Military identification numbers

The lawsuit claims that in mid-February 2020, the stolen information of “all 10.6 million MGM guests” was posted on the dark web.

Although the breach took place in early July 2019, MGM did not alert its customers to the intrusion until September of the same year.

Which MGM Hotel Brands Were Affected?

The breach is believed to have affected MGM hotel brands including:

MGM Grand
Aria
Bellagio
Circus Circus
Excalibur
Luxor
Mandalay Bay
The Mirage
New York-New York
Park MGM
Signature at MGM Grand
MGM Grand Detroit (Detroit, Michigan)
Beau Rivage (Biloxi, Mississippi)
Gold Strike Tunica (Tunica, Mississippi)
Borgata (Atlantic City, New Jersey)
MGM National Harbor (Prince George’s County, Maryland)
MGM Springfield (Springfield, Massachusetts)

Before commenting, please review our comment policy.