MGM Resorts, the Las Vegas hospitality titan, recently agreed to shell out $45 million to lay to rest a series of class-action lawsuits. These suits arose from two major data breaches at the company, leading to the loss of personal details of millions of clients.
The multimillion-dollar settlement sprouted from an agreement on January 21st, as gleaned from a court document initially reported by The Record. The proposal’s approval falls under the purview of a federal court in Las Vegas, set to pronounce a ruling on the matter on June 18.
Two back-to-back data heists in 2019 and 2023 sparked these legal battles. Details swiped during the 2019 breach included names, physical addresses, and phone numbers lifted from MGM’s databases. The company confirmed this breach following its discovery on a cybercrime forum.
Yet another cyber onslaught in 2023 took a large toll on MGM’s systems, triggering enduring outages and disarray across its Las Vegas Strip properties like Bellagio, Aria, and Cosmopolitan. Alongside a colossal disruption, the attackers also made off with personal data, counting Social Security and passport numbers among their loot. MGM attributed over $100 million in damages to this ransomware onslaught.
Despite the settlement, the company has opted to remain tight-lipped about the exact number of affected patrons. According to the filing, both data breaches impacted more than 37 million customers. MGM’s spokesperson Brian Ahern has yet to break his silence in response to TechCrunch’s query.
When broken down, roughly thirty percent of the total settlement amount will cover lawyer expenses. This leaves the victims with potential compensations of up to $75 each, contingent on the category of personal data exposed.
Original source: Read the full article on TechCrunch
