MGM Resorts Reaches $45 Million Settlement Over Data Breaches

What the Settlement Covers

The agreement provides financial compensation and identity protection services for affected customers. Payouts are structured into three tiers, depending on the severity of the data exposure:

• $75 for those whose Social Security or military identification numbers were compromised.
• $50 for those whose passport or driver’s license numbers were leaked.
• $20 for individuals whose general personal information, such as names and addresses, was exposed.

Additionally, affected customers can claim up to $15,000 for documented losses tied to identity theft, such as legal fees and fraud-related expenses. The settlement also includes one year of free credit monitoring and identity theft protection.

The MGM Data Breaches

The first breach in 2019 saw the personal information of 10.6 million guests leaked on hacker forums. Stolen data included names, addresses, and passport numbers—impacting high-profile figures like celebrities and executives.

In September 2023, MGM fell victim to a ransomware attack by the BlackCat/Alphv hacking group. Cybercriminals infiltrated MGM’s network by impersonating an IT administrator, leading to widespread disruptions.

Customers faced issues accessing hotel rooms, processing payments, and using ATMs, while MGM reportedly lost $100 million in revenue. This breach compounded the damage from 2019, as hackers accessed even more sensitive information, including Social Security numbers and military IDs.

MGM’s settlement is currently pending final court approval, with a decision expected on June 18. Meanwhile, the company remains under investigation by the Federal Trade Commission (FTC) over its cybersecurity vulnerabilities.