Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
MGM Resorts International is facing a class action lawsuit accusing it of negligently failing to safeguard customer data, which was compromised in a massive data breach last year.
MGM Resorts operates famous luxury resorts, casinos and hotels in the United States. Most MGM locations are hotels and casinos in Las Vegas, Nevada.
Plaintiff E.Z. filed the MGM class action lawsuit on behalf of all persons in Canada whose personal and/or financial information was compromised in the MGM data breach that reportedly occurred in July 2019.
The MGM data breach affects customers who have stayed at the following MGM locations:
- MGM Grand in Las Vegas
- Aria in Las Vegas
- Bellagio in Las Vegas
- Circus Circus in Las Vegas
- Excalibur in Las Vegas
- Luxor in Las Vegas
- Mandalay Bay in Las Vegas
- The Mirage in Las Vegas
- New York-New York in Las Vegas
- Park MGM in Las Vegas
- Signature at MGM Grand in Las Vegas
- MGM Grand Detroit in Detroit, Michigan
- Beau Rivage in Biloxi, Mississippi
- Gold Strike Tunica in Tunica, Mississippi
- Borgata in Atlantic City, New Jersey
- MGM National Harbor in Prince George’s County, Maryland
- MGM Springfield in Springfield, Massachusetts
Other locations may have also been affected by the MGM data breach.
According to the data breach class action lawsuit, MGM found out on July 10, 2019 that an unauthorized third party had accessed and downloaded client information from an external cloud server.
The customer data that was reportedly accessed in the MGM data breach include names, addresses, phone numbers, email addresses, birthdates, credit card information, and other customer information.
Instead of immediately informing affected customers about the MGM data breach, MGM reportedly emailed a small number of affected customers in August 2019 in an effort to downplay the extent of the MGM data breach.
According to the lawsuit, MGM only acknowledged the massive data breach in February 2020 after the technology website Zdnet.com published an article reporting that the personal information for more than 10 million former MGM hotel guests was compromised in the 2019 MGM data breach.
E.Z. says he remained unaware of the MGM data breach until he received an email from MGM on June 12, 2020–nearly a year after MGM first became aware that customer data had been accessed by an unauthorized third party.
The email reportedly offered E.Z. one full year of credit monitoring at no cost, and notified him that he could request that the credit reporting agency Equifax could place a fraud alert on his credit file to protect his data.
When E.Z. called the number listed in the MGM email, he was reportedly directed to Equifax Canada and had to wait a long time for a representative to answer his call. When he did reach a representative, the agent would not confirm any information about the information that was compromised in the data breach and told him to send an email to MGM to ask specific information about the stolen information.
“This is clearly designed to force Class Members to jump through as many hoops as possible and to waste their time, the whole in order to have them give up and no longer continue with their inquiries and concerns against MGM,” the plaintiff alleges in the MGM data breach class action lawsuit.
“Personal information is a valuable commodity,” the MGM data breach class action lawsuit says. “There is a ‘cyber black-market’ available for criminals to openly post personal information on a number of Internet websites in what is known as the ‘dark web’. This demand increases the likelihood of Class Members falling victim to identity theft.”
Because it is difficult to trace user activity on the dark web, it is a “hotbed” of criminal activity where users can buy and sell credit card numbers, drugs, guns, and other private information, the MGM data breach class action lawsuit alleges.
“When a data breach affecting 10.6 million Consumers occurs, Defendant had the obligation to immediately and accurately notify its Customers in order to help them prevent further fraud, identity theft, financial losses, losses of time, stress and inconvenience,” the MGM data breach class action lawsuit says.
E.Z. notes that MGM sent emails to affected customers, but has not posted any information about the MGM data breach on its website. The data breach class action lawsuit says MGM failed to immediately activate the credit monitoring services for affected customers and post proper fraud alerts for affected consumers, and instead waited nearly a year to offer these services to help protect their identities and financial information.
As a result, affected consumers are at increased risk of fraud and/or identity theft, the MGM data breach class action lawsuit asserts.
Have you visited any of the impacted MGM locations? Are you worried about the data breach? Tell us your thoughts in the comment section below!
The proposed Class is represented by David Assor of Lex Group Inc.
The MGM Resorts Data Breach Class Action Lawsuit is E.Z. v. MGM Resorts International, Case No. 500-06-001078-209, in the Superior Court of Québec, District of Montreal, Canada.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
3M issues recall for noise-reducing earmuffs due to potential breakage
April 30, 2024 | Product Recalls
4 thoughts onMGM Resorts International Accused of Negligence in Massive Data Breach
How do you get added to this? I was affected by this breach.
We stayed at the Park MGM in July 2019. I was notified about the breach end of 2020, in fact I was sent an email for 1 year free Equifax monitoring but lost my access code. Anybody know how to get another code for access?
Me again, I forgot to mention that my phone number has been compromised with many calls from the USA using an Asian language. The harassing calls are from many different states and they leave me messages that I cannot understand. This happens repeatedly on a daily basis. I block each call but because there are so many numbers that they use, I’m constantly blocking. An English speaking call from the USA informing me that it was the Canada Revenue service and to supply them my Social Insurance Number or authority’s will arrest me. Of course I blocked this caller also.
Yes, I stayed at MGM Hotel and Casino between 27 September to 2 October 2017. My credit card had many fraudulent charges, and I repeatedly had to call my credit card company for reversal of charges that I did not authorize (this was the credit card I used at MGM). This continued for a few months at which I requested a new Credit Card number.