MGM Resorts Slapped with Class Action Suit After Hackers Swipe 10.6 Million Guest Records

John Smallman, formerly a patron of MGM Resorts International (MGM), is suing the gaming company after it was revealed that cyber thieves stole the data of 10.6 million guests last year.

A former Luxor guest is suing MGM after news of a data breach broke. (Image: Fox5 Vegas)

Earlier this week, MGM verified the data breach involving 10,683,188 records of prior guests, including celebrities, convention goers and government officials. The operator of the Bellagio and Mirage, among other Las Vegas Strip properties, made affected guests aware of the incident last year. But it came to light publicly this week after the information was released on an online hacking forum.

In a complaint filed Friday in US District Court in Nevada, attorneys for Smallman claim that MGM notified impacted guests on or about Sept. 5 2019 following a breach on or around July 7, 2019, and that the company kept it quiet to avoid negative publicity in the wake of the October 1, 2017, mass shooting at Mandalay Bay that resulted in 58 deaths and more than 800 injuries.

ZDNet initially reported news of the data theft on Feb. 19. PII references “personally identifiable information.”

Unfortunately, the miscreants that took and/or acquired the sensitive PII had other plans, and on February19, 2020, internet technology publication ZDNet revealed that the personally identifiable information of more than 10.6 million MGM hotel guests had been posted on a hacking forum, available for misuse by a host of bad actors,” according to the suit.

Suit Details

Smallman’s counsel notes the Californian stayed at the Luxor multiple times over the past 10 years using his drivers license, a credit or debit card, and other PII while there. He also used payment cards at the Bellagio. Earlier in the week, Casino.org reached to MGM to verify what properties were affected by the hack, but did not hear back from the company.

The hackers stole full names, home addresses, phone numbers, emails, and dates of birth. But MGM said to ZDnet it believes payment information and passwords weren’t compromised in the cyber attack.

“Plaintiff suffered actual injury from having their PII stolen as a result of the Data Breach, including, but not limited to: (a) paying monies to MGM for its goods and services which they would not have had if MGM disclosed that it lacked data security practices adequate to safeguard consumers’ PII from theft; (b) damages to and diminution in the value of their PII—a form of intangible property that the Plaintiff entrusted to MGM as a condition of receiving MGM services; (c) loss of their privacy; (d) imminent and impending injury arising from the increased risk of fraud and identity theft,” according to the complaint.

Smallman’s attorneys also argue that due to the MGM data infiltration, their client will be increasingly vulnerable to financial fraud and identity theft in the coming years.

Hospitality Targets

Due to the nature of the personal information acquired by gaming companies and hotel chains, the travel and leisure industry is among the most vulnerable to cyber thievery. In the last decade, one of the largest data breaches involved 383 million records stolen from Marriott’s Starwood brand.

Hilton, Hyatt and Trump are among the other big-name hoteliers that have had run-ins with cyber criminals.

Smallman’s attorneys note the MGM data breach may run afoul of Federal Trade Commission (FTC) guidelines. The FTC has previously brought action against companies for not sufficiently safeguarding customer data.

“At all relevant times, MGM knew, or reasonably should have known, of the importance of safeguarding PII and of the foreseeable consequences if its data security systems were breached, including, the significant costs that would be imposed on customers as a result of a breach,” according to the suit.

Todd Shriber
Todd Shriber Financial Reporter

Todd Shriber is a senior news reporter covering gaming financials, casino business, stocks, and mergers and acquisitions for Casino.org.

Todd got his start in financial markets as a reporter with Bloomberg News. Later, he became a trader at a Southern California-based long/short hedge fund, where he specialized in the trading sector and international ETFs leading up to and during the financial crisis. He joined Casino.org in 2019.

Currently, Todd analyzes, researches, and writes on ETFs for various web-based publications and financial services firms. Shriber has been featured and quoted in Barron's, CNBC.com, and The Wall Street Journal. His work can also be found on Benzinga, ETF Daily News, ETF Trends, MarketWatch, Fox Business, and Nasdaq.com.

He currently resides in Las Vegas, where he enjoys golf and taking his black lab to the dog park. He's also an avid sports fan and likes to wager on college football and the NBA. You can also find him at the three-card poker and roulette table, even though he knows better.

Contact Todd at todd.shriber@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.