MGM Data Breach: What You Need to Know

Data breaches can be serious as they potentially expose your personal and confidential information, making you susceptible to identity theft and other cybercrime activities. If you have stayed in MGM hotels or resorts in the past, you could be affected by the recent MGM data breach, involving the personal details of millions of the hotel chain’s customers. 

You could qualify for compensation if you suffered financial losses and other damages due to a corporation failing to keep your personal data safe. Morgan & Morgan has already filed a lawsuit against MGM and handled several high-profile data breach cases, including Yahoo and Equifax. Our data breach attorneys are committed to fighting for your consumer rights. Contact us now to determine whether you have a case.

What Is a Data Breach?

A data breach occurs when an unauthorized individual or group deliberately steals, copies, or shares other individuals’ confidential and sensitive information. Data breaches can involve bank account details, addresses, social security numbers, medical information, and any other personal information. Data breaches can be costly and damaging for the corporations and organizations targeted and the individuals affected. 

As more and more of our personal information moves online, cyberattacks are likely to become more frequent. Large corporations can be attractive targets for cyberattacks since criminals can collect large amounts of data in one hacking attempt. Therefore, businesses that use and store our sensitive and confidential personal information must guard against such hackers and keep any customer records as secure as possible.

How Data Breaches Happen

Cyberattacks generally focus on the weaknesses of a business and can happen in the following ways:

• Easy access for hackers due to outdated software 
• Inadequate or weak passwords that are easy to guess 
• Malware attacks with phishing emails and links
• An unintentional virus download by visiting a compromised website

We can guard ourselves against these attacks, for example, by installing and updating virus software on our computers and avoiding clicking on any links from an unknown source. However, once we give out our sensitive personal information to a company, it is in the hands of the company to keep our personal data safe. 

What We Know About the MGM Data Breach

In early 2020, a report surfaced stating that the MGM Grand Resort in Las Vegas was targeted in a cyberattack resulting in a data breach affecting approximately 10.6 million guests. An unauthorized person had accessed the resorts’ computer system containing guests’ personal information. The individual allegedly went on to make the data publicly available on an internet forum.

However, according to Forbes, the 2019 MGM data breach could be much larger than initially reported, involving more than 142 million guests’ personal information. Details reportedly also included the personal information of government officials, celebrities, and other public figures. 

MGM initially reported that most of the exposed data did not contain sensitive information and was limited to guests’ names and contact details. However, it is unknown exactly how much sensitive information was exposed as MGM allegedly concealed the scope of the data breach and failed to contact most of the guests impacted. 

Sensitive Information Potentially Included in the Data Breach

Although MGM stated that only guests’ addresses and names were subject to the data breach, more sensitive information may have leaked, including:

• Phone numbers
• Dates of birth
• Driver’s license numbers
• Email addresses
• Passport numbers
• Military ID numbers

Unauthorized access to names and addresses can already lead to identity theft. However, the potential of birth dates and ID document numbers getting into the public domain is serious. Individuals whose private and confidential information is publicly accessible can become an easy target for scams and fraud. 

MGM Data Breach Lawsuits

To date, multiple lawsuits have been filed against MGM, including by Morgan & Morgan. Lawsuits allege that the data breach occurred due to the hotel chain’s lack of cyber security policies and protocols that should have been in place to protect consumers’ personal information.  

If you are a victim of the MGM data breach, you could have a legal claim for damages. Our data breach attorneys can advise you on your options. You could receive compensation for any time and expenses spent on dealing with the data breach, such as credit monitoring, credit freezes, and other activities.

What Your Personal Information Could Be Used For

The potential for having your identity stolen is perhaps the most significant threat when someone unauthorized gets hold of your personal information such as date of birth, address, and passport information. Criminals use identity theft to commit a variety of crimes such as money laundering and stealing bank accounts. Hackers can also sell your data to others on the dark web. Identity theft crimes can include, among others: 

• Taking out loans in your name
• Opening fake bank accounts 
• Using your details to open up utility accounts 
• Applying for credit cards in your name
• Using your details to obtain government benefits
• Filing fraudulent tax returns under your name
• Using your health insurance to pay for medical care
• Obtaining a driver’s license with your name but a different picture 
• Pretending to be you when under police arrest

If you have been a victim of identity theft, you could spend years dealing with the consequences, such as a low credit rating and financial losses. 

Steps to Take if You Were Affected by the MGM Data Breach

Change Your Passwords

Changing passwords often is an excellent idea. However, changing all your passwords is essential when you are the victim of a data breach. If you think your personal data was stolen, you should change your logins and passwords as soon as possible. Pay particular attention to any bank or credit card accounts used to book stays at MGM properties. Your new passwords should be strong and unique. Consider getting a password manager program such as Dashlane or Last Pass, which automatically creates strong passwords and remembers them for you. 

Set Up Credit Monitoring

You can get one free credit report per year from the three major credit bureaus Equifax, Experian, and Transunion. The credit report allows you to check your credit score, credit history, and activity. If anyone fraudulently uses your details to obtain credit cards or loans, for example, this will show up on your credit report. Consider setting up credit monitoring to receive emails and alerts about any activities on your credit reports. You can set credit monitoring up for free through sites such as Credit Karma.  

Keep Detailed Records

Data breaches and identity theft are getting more and more common. However, if you were harmed by a data breach, you could have legal recourse. While not all data breaches lead to compensation for victims, keeping good records of your bank accounts, credit card statements, and other important documents can be advantageous. Ensure to keep any receipts and statements of expenses arising from dealing with a data breach. 

Stay Vigilant and Alert

Monitoring bank accounts and emails constantly can be tedious. However, these actions can go a long way to keep you safe and help you identify potential identity theft before criminals can do too much damage. Your home address, bank information, and Social Security number can be valuable for crooks. Never send sensitive information via email, if possible. If you travel frequently, consider creating a different email and phone number to use during travels, as this can help keep your primary information safe. 

Contact an Attorney for Help

If your personal data was exposed in the MGM data breach, you should seek legal advice to protect your rights and determine whether you qualify for compensation. Morgan & Morgan’s experienced data breach lawyers could help you if you are a victim of cybercrime due to the MGM data breach.  

You Could Qualify for Damages

Depending on the damages resulting from a data breach and identity theft, you could qualify for damages such as: 

• Identity theft fraud financial losses
• Expenses for credit reports, credit monitoring, or credit freezes
• Compensation for your time dealing with the breach 

You could also seek other damages.