MGM Hit with Class Action Over Summer 2019 Data Breach Affecting 10.6 Million Guests [UPDATE]
Last Updated on January 30, 2025
Smallman v. MGM Resorts International
Filed: February 21, 2020 ◆§ 2:20-cv-00376
A class action claims MGM Resorts failed to properly protect customer data and delayed informing guests of a Summer 2019 data breach.
January 30, 2025 – $45 Million MGM Settlement Resolves Data Breach Lawsuits
A $45 million settlement has been reached to resolve the proposed class action lawsuit detailed on this page.
Get more details about the MGM data breach settlement.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
A proposed class action lawsuit claims MGM Resorts International not only failed to properly safeguard customers’ private information but minimized to the public the true extent of a Summer 2019 data breach.
Filed in Nevada, the case claims an unauthorized individual gained access to the hospitality and entertainment giant’s computer network on July 7, 2019 and proceeded to steal the names, addresses, drivers’ license numbers and other personally identifiable information (PII) of more than 10.6 million guests. Rather than promptly disclose the incident, MGM, in an effort to avoid negative press in the wake of the 2017 Las Vegas mass shooting, “avoided bringing the matter to public light, hoping that the [b]reach and its inadequate cyber security practices would go unnoticed,” the lawsuit says.
According to the complaint, MGM did not notify affected guests that their personal information had been compromised until September 5, 2019 when the company released a statement assuring that “there is no evidence that your information has been misused.” Despite the defendant’s assurances, however, the stolen data was reportedly published on a “popular internet hacking forum, available for misuse by a host of bad actors” in February 2020, the lawsuit says.
Although MGM’s privacy policy purports that the company uses “industry standard” cyber security measures, MGM’s failure to protect customers’ data from unauthorized parties suggests otherwise, the lawsuit argues. The complaint further claims that MGM’s decision to delay informing guests of the breach prevented those affected from taking the steps needed to protect themselves from identity theft and fraud.
As a result of MGM’s failure to safeguard consumer data, the suit contends, guests affected by the breach face “long lasting and severe” consequences, including a heightened risk of identity fraud and theft. Consumers may also be forced to spend time and money on protective measures. The plaintiff stresses that although the defendant offered 12 months of free credit monitoring to those affected by the breach, the olive branch is “wholly inadequate” in that proposed class members face potentially years of an increased risk of identity theft.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.