MGM Customers May Be at Risk Due to Recent Data Breach
Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the personal information of millions of customers of casino operator MGM Resorts International. Affected hotels and casinos may include the MGM Grand, Aria, Bellagio, Delano, Excalibur, Luxor, Mandalay Bay, Park MGM, New York-New York, Park MGM, Signature at MGM Grand, and Vdara.
After a long history of lax cybersecurity, on or around September 10, 2023, MGM allegedly suffered a massive cyber-attack, in which a group of teens and young adults known as “Scattered Spider” infiltrated its systems by impersonating an MGM employee. As a result, the cybercriminal group was allegedly able to download over six terabytes of data from MGM’s systems. They then reportedly demanded a ransom be paid in cryptocurrency.
This is not MGM’s first data breach. In 2019, the company experienced another massive data breach, in which the personal information of over 142 million of its customers was sold on the dark web because of its negligent data security practices.
Although it is not yet confirmed exactly what information was taken in the current data breach, the stolen data likely includes the full names, dates of birth, addresses, driver’s licenses, passport numbers, and social security numbers of MGM’s customers, including members of its rewards program. As a result, MGM’s customers have likely been exposed to increased risks of fraud, identity theft, and other misuse of their personally identifiable information (“PII”).
If you were a customer of MGM’s hotels or casinos (or a member of MGM’s Rewards program) before September 11, 2023, you may be affected by the breach. Accordingly, you may be owed money damages and an injunction requiring changes to MGM’s cybersecurity practices.
If you were a MGM customer or rewards program member, please complete the form below for a free legal consultation.