MGM Resorts has reached a multimillion-dollar settlement to pay up to $75 to thousands of people after their personal data was compromised in two cyberattacks that occurred in 2019 and 2023. So, if you stayed at any of their hotels or casinos and received an official notification, this news will interest you a lot. But, as always, there are deadlines, levels, and conditions you must meet to receive the money. We tell you step by step what happened and how you can claim.
What happened at MGM Resorts?
It all started in July 2019, when MGM Resorts suffered its first cyberattack. The second attack came in September 2023. In both cases, hackers gained access to personal information of guests: full names, emails, phone numbers, addresses, birthdates, and in the most severe cases, passport numbers, driver’s licenses, military IDs, and even Social Security numbers or data that is terrifying to think about being out there, who knows where.
And, of course, a class-action lawsuit was filed, led by clients like Tonya Owens.
What did the class-action lawsuit say?
This guest, who took charge of the class action, sued for the data breach that MGM International Resorts had promised to keep confidential, and once exposed, hundreds of users suffered data theft.
Has MGM admitted guilt?
Of course not. This is what usually happens with these types of class-action lawsuits: the company agrees to pay the settlement but does not admit to the irregularities that caused the issue. MGM, which operates in various hotels and casinos in Las Vegas and Japan, has agreed to a $45 million settlement to quickly resolve the accusations, but, again, they have not admitted their guilt.
Who is eligible to claim?
You can claim if you received a notification from MGM informing you that you were a victim of the 2019 or 2023 data breaches. Depending on the type of exposed information, there are three levels of compensation:
- $75 if sensitive data such as your Social Security number or a military ID was exposed.
- $50 if your passport or driver’s license was exposed.
- $20 if only personal data such as your name, email, or birthdate was exposed.
You do not need to provide documentation to request these payments. You just need to complete the official form before June 3, 2025.
What if you had actual losses?
In cases where there have been financial damages, such as unauthorized charges, bank accounts opened in your name, or time spent resolving the issue, you can request up to $15,000. However, in these cases, it is mandatory to provide proof: bank statements, invoices, police reports, or any documents that show the real impact of the data theft, so if you have them, don’t hesitate to send all the documentation.
Where to make the claim?
Everything is processed online through the official settlement portal. From there, you can:
- Check if you are part of the affected group.
- Fill out your payment claim form.
- Opt-out if you prefer to pursue another legal path on your own.
If you decide not to participate in the settlement, you have until May 19, 2025, to notify it. The final hearing where the settlement will be approved or not will take place on June 18 in Las Vegas, and you have until June 3 to submit your claim.
Has this happened before?
Yes, unfortunately. MGM is not the only company that has paid for these types of failures. Other companies like ParkMobile have also had to face class-action lawsuits for data breaches… Every time a case like this happens, more people start to check what’s happening with their personal information and what rights they have. Something that almost no one did before, and that is really important because we’re putting our most important information in the hands of those we supposedly trust.
Our data flies all over the place, but it’s not just about money. It’s about asserting your rights. So check your inbox, your spam folder, or go directly to the settlement website. Because it may not fix your life, but hey, $75 isn’t bad at all.