MGM Resorts to pay $45M to settle data breach lawsuits

MGM Resorts has agreed to a $45 million settlement to resolve multiple class action lawsuits following two major data breaches that exposed the personal information of millions of customers, reports TechCrunch.

The settlement, which was reached on Jan. 21, is pending approval by a Las Vegas federal court with a ruling expected on June 18. The breaches altogether compromised the data of more than 37 million customers. The 2019 incident involved the theft of customer names, addresses, and phone numbers, with some of the stolen data later surfacing on a cybercrime forum. The 2023 ransomware attack had a more severe impact, causing significant operational disruptions at MGM’s Las Vegas properties for several weeks and leading to over $100 million in losses. Hackers also obtained sensitive data, including Social Security and passport numbers. Under the settlement, approximately 30% of the fund will go toward legal fees, while affected customers may receive up to $75 each based on the nature of their compromised data.