MGM Resorts Hit with Lawsuit Over Data Breach

April 23, 2020 Last Updated on April 9, 2021

Important Information

Attorneys working with ClassAction.org are no longer investigating this matter. The information here is for reference only. A list of open investigations and lawsuits can be viewed here.

View List of Lawsuits
Comments |

Case Update

April 9, 2021 – Investigation Closed, Lawsuit Moves Forward
Thank you to everyone who helped contribute to this investigation. Attorneys working with ClassAction.org no longer need to hear from individuals who had their information exposed as part of the MGM data breach. This is because they’ve received enough information to take legal action against MGM. At this point, a consolidated class action complaint has been filed and is making its way through the court system.

Check back to this page for updates on the case or sign up for our newsletter for the latest.

The information below was posted when the investigation began and remains for reference only. Check out our open investigations here or find out why you generally don’t need to do anything to “join” a class action lawsuit.

At A Glance

This Alert Affects:
Anyone who received a notice that their information may have been compromised as part of a 2019 data breach of MGM Resorts International’s computer network. The breach affected people who stayed at MGM hotels prior to December 31, 2017.

If you are not sure if you are one of the individuals affected by this data breach, you may call MGM’s breach hotline at 833-959-1344 to ask if your personal information was included in the breach.
What’s Going On?
Multiple class action lawsuits have been filed alleging that MGM Resorts International failed to take proper steps to protect guests’ personal information. Now, attorneys working with ClassAction.org need to hear from additional MGM Resorts customers to help strengthen their case.
How a Class Action Lawsuit Could Help
A class action could provide MGM guests with free credit monitoring and money for time spent mitigating the effects of the data breach. Guests could also be reimbursed for credit monitoring, credit freezes and other expenses incurred as a result of the breach.

If you received a letter (a sample is available here) from MGM Resorts International stating that your information may have been exposed as part of a 2019 data breach or you stayed at an MGM hotel prior to December 31, 2017, attorneys working with ClassAction.org want to hear from you.

They’ve already sued MGM Resorts over the breach, but need to speak to additional guests to help strengthen their case.

What Does the Lawsuit Say Exactly?

The proposed class action lawsuit claims MGM Resorts:

  • Failed to take reasonable steps to make sure its computer systems were protected against hackers
  • Failed to properly monitor its network and detect the breach in a timely manner
  • Waited two months following the breach to notify customers
  • Failed to implement cybersecurity best practices for hospitality companies
  • Misrepresented in its privacy policy that it had the proper security measures in place to keep guests’ personal information safe

As a result of MGM Resorts’ actions – or lack thereof – guests are now at a “heightened and imminent risk of fraud and identity theft,” the lawsuit says.

The case claims that MGM Resorts’ guests must now spend both time and money to closely monitor their bank accounts, credit cards and credit reports for fraudulent activity.

Further, the suit says, guests would not have paid as much as they did for their hotel stays – or would not have stayed at all – had they known MGM Resorts failed to implement proper data security measures.

How a Lawsuit Could Help

If the case is successful, guests may be able to recover:

  • Money for time spent dealing with the effects of the data breach
  • Free credit monitoring beyond what’s already being offered by MGM
  • Reimbursement of costs paid for credit freezes, credit reports, credit monitoring, identity protection services and other expenses related to mitigating the effects of the data breach

MGM Resorts could also be ordered by the court to make certain improvements to its data security systems.

MGM Data Breach: What Happened?

On July 7, 2019, a hacker reportedly gained access to MGM’s computer network – and the personal information of more than 10 million guests.

This information may have included:

  • Names
  • Addresses
  • E-mail addresses and phone numbers
  • Dates of birth
  • Passport numbers
  • Drivers’ license numbers
  • Military identification numbers

The lawsuit claims that in mid-February 2020, the stolen information of “all 10.6 million MGM guests” was posted on the dark web.

Although the breach took place in early July 2019, MGM did not alert its customers to the intrusion until September of the same year.

Which MGM Hotel Brands Were Affected?

The breach is believed to have affected MGM hotel brands including:

  • MGM Grand
  • Aria
  • Bellagio
  • Circus Circus
  • Excalibur
  • Luxor
  • Mandalay Bay
  • The Mirage
  • New York-New York
  • Park MGM
  • Signature at MGM Grand
  • MGM Grand Detroit (Detroit, Michigan)
  • Beau Rivage (Biloxi, Mississippi)
  • Gold Strike Tunica (Tunica, Mississippi)
  • Borgata (Atlantic City, New Jersey)
  • MGM National Harbor (Prince George’s County, Maryland)
  • MGM Springfield (Springfield, Massachusetts)

Before commenting, please review our comment policy.