🗃️💣

MGM Resorts International Security Incident

2019 and 2023 830 days ago Resolved

Incident Overview

Situation Description

MGM Resorts International suffered two major data breaches in 2019 and 2023, leading to a $45 million settlement in a class action lawsuit over alleged failures to protect customer data.

Event Types

Data Breach Malware / Destructive Attack

Industry Sector

Hospitality

Geographic Scope

National (US)

Response Actions

Fulfilled Formal Breach Disclosure Obligations Notified Affected Individuals & Entities Paid Regulatory Fines or Legal Settlements Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Data Breach Malware / Destructive Attack

Financial Impact

$145,000,000 USD

Records Affected

37,000,000

Data Types Compromised

PII Credentials

Primary Impacts

Financial Loss Data Exposure Operational Disruption Reputational Damage Legal/Regulatory Penalties

Key Decisions Made

MGM agreed to a $45 million settlement to resolve class action lawsuits stemming from data breaches in 2019 and 2023.; MGM discovered the 2019 data breach in the summer of 2019 and notified affected guests by September 5, 2019.; MGM reported that the 2023 cyberattack resulted in approximately $100 million in lost revenue due to business downtime.

Technical Analysis

Attack Method

Unknown

Additional Information

If you are in a hurry -> Lessons and Best Practices for CISOs Introduction MGM Resorts International a global hospitality and casino giant suffered two major data breaches (in 2019 and 2023) that exposed millions of guest records ( MGM Resorts settles class action lawsuit over cyber attacks in 2019, 2023 ). The fallout included dozens of lawsuits consolidated into a class action alleging MGMs failure to protect customer data. In early 2025, MGM agreed to a $45 million settlement to resolve these claims ( $45 Million MGM Settlement Resolves Data Breach Lawsuits Over 2019, 2023 Cyberattacks ). This high-profile case offers valuable insights for Chief Information Security Officers (CISOs) about the legal risks of cybersecurity failures and how to avoid them. Below, we analyze the key aspects of the MGM breach settlement the parties involved, the claims of negligence and legal violations, specific security lapses cited, and the settlement terms and distill best practices CISOs can adopt to prevent similar incidents and lawsuits. Background: The Company and the Breaches MGM Resorts International is a leading U.S. hospitality and entertainment company operating 21 resort hotels and casinos (primarily in Las Vegas and other cities) ( Scam of the day March 16, 2025 MGM Data Breach Settlement | Scamicide ). Millions of guests stay at MGM properties annually, entrusting the company with a wealth of personal identifying information (PII). 2019 Data Breach (July 2019): Hackers gained unauthorized access to MGMs network on July 7, 2019 and stole the personal data of more than 10.6 million guests ( [SETTLED] MGM Hit with Class Action Over Summer 2019 Data Breach Affecting 10.6 Million Guests ). The compromised PII included names, postal addresses, phone numbers, email addresses, dates of birth, and in many cases drivers license, passport or military ID numbers ( MGM Resorts Data Breach Class Action Lawsuit | Berger Montague ) ( MGM Resorts settles class action lawsuit...

... (truncated for display)

Quick Facts

Company:: MGM Resorts International
Date:: 2019 and 2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 16/03/2025

Source Information

Original Query

MGM Resorts ransomware attack customer data breach notification content analysis

View Original Source

Timeline

Information Published

16/03/2025

Incident Occurred

2019 and 2023 (830 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats