MGM Resorts and Caesars Entertainment are facing legal action over a cyberattack breach that occurred in September. Five class-action lawsuits have been filed against the two companies, accusing them of failing to protect customer information from cyberattacks. The lawsuits, brought by two Las Vegas law firms, allege that these companies put their customers at risk of identity theft by not adequately safeguarding their personal data.
Two lawsuits have been filed against each company, seeking class-action status on behalf of individual customers. The plaintiffs include Tonya Owens and Emily Kirwan (MGM), as well as Paul Garcia and Alexis Giuffre (Caesars). The law firms representing them are Stranch, Jennings & Garvey, PLLC, and Kopelowitz Ostrow Ferguson Weiselberg Gilbert.
These lawsuits contend that MGM Resorts and Caesars Entertainment did not sufficiently disclose the breaches, leaving customers unaware of potential future vulnerabilities related to the theft of personal data. It is believed that the stolen data has been sold on the dark web, where personal identifiable information (PII) can fetch prices ranging from $40 to $200.
In addition to the four initial lawsuits, a fifth lawsuit was filed by The O’Mara Law Firm and Barnow and Associates on behalf of Thomas McNicholas and Laura McNicholas, a long-time member of the Caesars Rewards Program. This suit alleges a breach of contract with every customer whose personal data was compromised in the breach.
All five lawsuits seek monetary damages for the victims, including actual, statutory, and punitive damages, as well as restitution. They also demand any profits obtained by the companies through the compromised data and assurances that such breaches will not occur again. These lawsuits allege negligence, breach of contract, and unjust enrichment, with all plaintiffs requesting a jury trial.
Meanwhile, a separate sixth lawsuit was filed against both MGM Resorts International and Caesars Entertainment in the New Jersey district court on September 18. MGM Resorts International has not provided any comment on the lawsuits.
This legal action highlights the serious consequences of cyberattacks and the importance of robust data protection measures for companies. With personal information being a valuable commodity on the dark web, it is crucial for businesses to take all necessary steps to safeguard customer data and promptly disclose any breaches that may compromise their security. These lawsuits serve as a reminder of the potential risks that customers face and the need for companies to prioritize cybersecurity to protect sensitive information effectively.