SEC
Oct 2, 2023
Jan 28, 2025
MGM Resorts’ $45 Million Data Breach Settlement Advances
.svg)
.svg)
It’s not every day that the bright lights of Las Vegas dim—not on the Strip itself, but behind the scenes, where ransomware and cyberattacks have been quietly wreaking havoc. MGM Resorts International is now on the hook for a $45 million settlement after two major data breaches in 2019 and 2023 left millions of customers scrambling to secure their personal information. Last week, a federal judge in Nevada gave preliminary approval to the settlement, which aims to bring some measure of relief to affected customers. But does $45 million buy closure for a crisis like this?
Under the proposed settlement, MGM will set up a tiered compensation system for its customers based on how much of their personal information was exposed. The tiers? Think of them like a casino payout table—small wins for some, big stakes for others.
For those who can prove their losses, payments could reach up to $15,000. Others may be eligible for smaller sums: $75, $50, or $20. Affected customers will receive a notice with a unique identifier to apply for compensation through a dedicated settlement website—an ironic reliance on technology, given the nature of the breaches.
The numbers may seem neat on paper, but for the millions of customers caught up in this digital heist, the impacts are far messier.
Lights Out in Las Vegas
The 2023 ransomware attack, in particular, will go down as one of the most disruptive cyber incidents in recent memory. MGM’s systems were effectively held hostage, forcing the company to shut everything down rather than negotiate with the attackers. The fallout was dramatic. Hotel guests couldn’t access their rooms, reservation systems went offline, and even gaming machines were rendered useless.
For days, chaos reigned behind the glamorous facade. Front desk clerks resorted to pencil-and-paper note-taking—a surreal callback to pre-digital days. Guests vented on social media, employees scrambled to manage the fallout, and cybersecurity experts sounded the alarm about vulnerabilities in the hospitality industry.
It was a sobering reminder that even a powerhouse like MGM Resorts wasn’t immune to cyberattacks. And this wasn’t their first rodeo.
2019: The Breach That Started It All
The 2019 breach may not have been as high-profile, but its impact was no less significant. Hackers managed to steal sensitive customer data, including driver’s license numbers, passport details, and home addresses. Tens of millions of people were affected, and the fallout lingered for years.
These incidents laid bare the vulnerabilities of the hotel and entertainment industries, with hackers recognizing them as lucrative targets. McNamara emphasized this point in a statement, noting that Caesars Entertainment was also hit by the same hacker group in 2023. Unlike MGM, Caesars opted to pay the group $15 million to prevent further damage.
But beyond the settlement, the question looms whether MGM—and the broader hospitality industry—will fortify itself against future attacks?
Cybersecurity isn’t just an IT issue anymore, it’s a business continuity issue, a customer trust issue, and, increasingly, a financial issue. With this settlement, MGM may be hoping to close the book on two painful chapters, but the broader narrative of cybersecurity in the digital age is far from over.
For now, the bright lights of Vegas shine on. But somewhere in the glow, there’s a faint reminder that even the glitziest facades can hide vulnerabilities. And for MGM’s millions of customers, the gamble of having their data exposed has been anything but fun and games.
The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.