MGM Resorts Data Breaches Lead to $4M Canadian Class-Action Settlement
A proposed $4 million class-action settlement has been certified by the Supreme Court of British Columbia for Canadians affected by two major data breaches at MGM Resorts International. The incidents occurring in July 2019 and September 2023 exposed sensitive personal information of millions of guests.
The 2019 breach compromised names, addresses, and passport numbers, while the 2023 ransomware attack also exposed driver’s license numbers, military IDs, and Social Security numbers. U.S. court filings indicate over 37 million customers were impacted across both incidents. MGM Resorts has denied liability, stating the settlement was reached to avoid prolonged litigation.
Eligibility extends to Canadians (excluding Quebec) whose data was exposed in the 2019 breach. Quebec residents may pursue compensation through separate class actions in the province, both pending court approval.
Under the proposed settlement, funds will cover:
- Credit monitoring (one year) with up to $1 million in fraud/identity theft insurance.
- Substantiated losses (up to $20,000 per claim).
- Unsubstantiated losses ($150 for one incident, $300 for both).
Payouts may be adjusted based on claim volume, with maximums of $500 (one incident) or $1,000 (both incidents). The settlement approval hearing is scheduled for May 25, with an opt-out deadline of May 19. Affected individuals are automatically included unless they choose to exclude themselves.
Source: https://dailyhive.com/canada/class-action-settlement-mgm-resorts
MGM Resorts International cybersecurity rating report: https://www.rankiteo.com/company/mgm-resorts-international
"id": "MGM1776443945",
"linkid": "mgm-resorts-international",
"type": "Ransomware",
"date": "7/2019",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over 37 million (across both '
'incidents)',
'industry': 'Hospitality',
'location': 'United States',
'name': 'MGM Resorts International',
'size': 'Large',
'type': 'Corporation'}],
'customer_advisories': 'Credit monitoring and fraud/identity theft insurance '
'offered to affected individuals',
'data_breach': {'number_of_records_exposed': 'Over 37 million (across both '
'incidents)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Passport numbers',
'Driver’s license numbers',
'Military IDs',
'Social Security numbers']},
'date_detected': ['2019-07', '2023-09'],
'description': 'A proposed $4 million class-action settlement has been '
'certified by the Supreme Court of British Columbia for '
'Canadians affected by two major data breaches at MGM Resorts '
'International. The incidents occurring in July 2019 and '
'September 2023 exposed sensitive personal information of '
'millions of guests. The 2019 breach compromised names, '
'addresses, and passport numbers, while the 2023 ransomware '
'attack also exposed driver’s license numbers, military IDs, '
'and Social Security numbers. U.S. court filings indicate over '
'37 million customers were impacted across both incidents. MGM '
'Resorts has denied liability, stating the settlement was '
'reached to avoid prolonged litigation.',
'impact': {'data_compromised': 'Names, addresses, passport numbers, driver’s '
'license numbers, military IDs, Social '
'Security numbers',
'financial_loss': '$4,000,000 (settlement amount)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class-action settlement'},
'investigation_status': 'Settlement proposed',
'references': [{'source': 'Supreme Court of British Columbia'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit'},
'title': 'MGM Resorts Data Breaches Lead to $4M Canadian Class-Action '
'Settlement',
'type': ['Data Breach', 'Ransomware']}