MGM Resorts Hit With Lawsuit For Massive Customer Data Breach

MGM Resorts Hit With Lawsuit For Massive Customer Data Breach February 25, 2020 February 25, 2020 Carolyn Dutton
 Industry February 25, 2020 by Carolyn Dutton
MGM Resorts International

MGM Resorts International recently admitted that it had a massive data breach which is estimated to have affected the data of 10.6 million customers. The admission did not go down well with MGM customers and now a former guest is suing the casino giant for damages.

Last week, MGM Resorts publicly acknowledged that their cloud server was hacked in 2019—hackers were found to have gained access to a trove of information that MGM collected from its guests, including sensitive personal information such as driver’s license and passport data, addresses, contact details, email addresses, and birthdays. However, the financial information of all customers were said to have been kept safe during the attack.

Initial news about the leak emerged in hacking forums before MGM confirmed the same. Many notable guests have had their data swiped from MGM’s servers, including celebrities and CEOs.

One guest who took matters into his own hands is John Smallman, who filed a suit against MGM on February 21 in Nevada, accusing the company of failing to provide adequate protection for the data they collected from their customers. Smallman contended in his lawsuit that the breach affected his life by compelling him to spend time and money to protect himself from possible fraud as a result of his personal information being stolen by hackers.

KSNV News 3 Las Vegas


Smallman is represented by the law firm Morgan & Morgan. John Yanchunis will be the lawyer taking on this case. He is the same lawyer that represented a number of Yahoo users in a similar data breach works.

MGM Downplays Breached Data’s Value

MGM has so far kept silent on the Smallman’s lawsuit. However, they have come out and claimed that the data breach affected only publicly available information. An MGM spokesman stated that the hacked information was comprised of data easily searchable through Internet search engines like Google, characterizing the data as “phonebook” data that could not be used to target victims for fraud down the line.

Smallman disagreed with MGM’s position, stating that hacking personal information such as license numbers, passport numbers, and military identification numbers, as well as addresses and birthdays would be sufficient for criminals to create false identities online, endangering the reputations of the people they are impersonating. In Smallman’s suit, he goes into more detail on the measures he and others like him will have to take to ensure that the hackers who possess his personal information will not be able to capitalize on it to perpetuate scams.

Carolyn is our legislation expert, with a background in law she is able to cover the current state of gambling around the world