MGM Resorts Agrees to $45 Million Settlement Over Data Breaches

The settlement addresses class-action lawsuits stemming from 2019 and 2023 cyberattacks that exposed sensitive data of 37 million customers.

MGM Resorts faced two major breaches: a 2019 data breach and a 2023 ransomware attack, compromising personal information of 37 million customers.
Exposed data included names, addresses, Social Security numbers, driver’s license numbers, and passport details, among other sensitive information.
The $45 million settlement will provide tiered compensation, with affected customers eligible for payments of $75, $50, or $20 based on the type of data stolen, and up to $15,000 for documented losses.
The 2023 ransomware attack caused significant disruptions at MGM properties, including system outages, manual slot machine payouts, and halted operations across Las Vegas resorts.
A final court hearing on the settlement is scheduled for June 18, while MGM remains under investigation by the Federal Trade Commission for its handling of the 2023 attack.