Five lawsuits filed against MGM, Caesars following cyber-attack

lawsuit concept
Image: Shutterstock

Five separate class action lawsuits have been filed against MGM Resorts and Caesars Entertainment following the cyber-attacks that occurred during this month.

The suits allege that the casino operators failed to adequately protect customer data during the attacks, which closed down MGM’s operations and forced both operators to pay a ransom.

Filings were made in the Nevada District Court and claim that plaintiffs fear their data, including their social security numbers, could have been sold on the black market. 

Law firms that filed against the operators include Stranch, Jennings and Garvey PLLC and Kopelowitz Ostrow Ferguson Weiselberg Gilbert, with two lawsuits against Caesars and two against MGM. O’Mara Law Firm and Barnow and Associates filed a fifth against Caesars too. 

MGM and Caesars were both hit by a cyber-attack earlier this month, with MGM’s systems being down for days and Caesars’ notifying stakeholders that a “significant” number of social security numbers could have been exposed. 

All of MGM’s customer-facing operations are now back on track after an investigation into the issue and technical staff working on a fix. 

The hackers obtained a copy of the Caesars Rewards database, including the driver’s license numbers and Social Security numbers of many patrons. Accordingly, the company is offering free credit monitoring and fraud protection services for all Caesars Rewards members. Impacted customers will also be notified.

The lawsuits are made on behalf of customers whose data could have been breached in the attack. They are seeking damages for the victims of the attack and all five cases are seeking a jury trial on the grounds of negligence, breach of contract and unjust enrichment. 

The filings state: “The PII of individuals remains of high value to criminals, as evidenced by the prices they will pay through the dark web. Numerous sources cite dark web pricing for stolen identity credentials.

“For example, PII can be sold at a price ranging from $40 to $200. Criminals can also purchase access to entire company data breaches from $900 to $4,500.”