A federal court gave preliminary approval to a $45 million settlement in a consolidated class-action lawsuit brought against MGM Resorts International for data breaches in 2019 and 2023.
Hackers broke into the resort operator’s systems twice, according to the suit filed in the U.S. District Court of Nevada, which combined two class-action lawsuits over separate breaches into one complaint. In July 2019, a hacker stole data including sensitive information such as driver’s license numbers, passport numbers and customer addresses.
Then in September 2023, MGM was attacked again, this time with ransomware, in an incident that disabled the resort operator’s key systems for several days—including those to hotel rooms—as well as taking gaming machines offline.
