MGM Data Breach: What You Need to Know

MGM Data Breach: What You Need to Know

  • The Fee Is Free Unless You Win®.
  • America's Largest Injury Law Firm™
  • Protecting Families Since 1988
  • 20 Billion+ Won
  • 1,000+ Lawyers Nationwide

Free Case Evaluation

Tell us about your situation so we can get started fighting for you. We tailor each case to meet our clients' needs.
Results may vary depending on your particular facts and legal circumstances.
Our results speak for themselves

The attorneys featured above are licensed in Florida. For a full list of attorneys in your state please visit our attorney page.

MGM Data Breach: What You Need to Know

Data breaches can be serious as they potentially expose your personal and confidential information, making you susceptible to identity theft and other cybercrime activities. If you have stayed in MGM hotels or resorts in the past, you could be affected by the recent MGM data breach, involving the personal details of millions of the hotel chain’s customers. 

You could qualify for compensation if you suffered financial losses and other damages due to a corporation failing to keep your personal data safe. Morgan & Morgan has already filed a lawsuit against MGM and handled several high-profile data breach cases, including Yahoo and Equifax. Our data breach attorneys are committed to fighting for your consumer rights. Contact us now to determine whether you have a case.

What Is a Data Breach?

A data breach occurs when an unauthorized individual or group deliberately steals, copies, or shares other individuals’ confidential and sensitive information. Data breaches can involve bank account details, addresses, social security numbers, medical information, and any other personal information. Data breaches can be costly and damaging for the corporations and organizations targeted and the individuals affected. 

As more and more of our personal information moves online, cyberattacks are likely to become more frequent. Large corporations can be attractive targets for cyberattacks since criminals can collect large amounts of data in one hacking attempt. Therefore, businesses that use and store our sensitive and confidential personal information must guard against such hackers and keep any customer records as secure as possible.

How Data Breaches Happen

Cyberattacks generally focus on the weaknesses of a business and can happen in the following ways:

  • Easy access for hackers due to outdated software 
  • Inadequate or weak passwords that are easy to guess 
  • Malware attacks with phishing emails and links
  • An unintentional virus download by visiting a compromised website

We can guard ourselves against these attacks, for example, by installing and updating virus software on our computers and avoiding clicking on any links from an unknown source. However, once we give out our sensitive personal information to a company, it is in the hands of the company to keep our personal data safe. 

What We Know About the MGM Data Breach

In early 2020, a report surfaced stating that the MGM Grand Resort in Las Vegas was targeted in a cyberattack resulting in a data breach affecting approximately 10.6 million guests. An unauthorized person had accessed the resorts’ computer system containing guests’ personal information. The individual allegedly went on to make the data publicly available on an internet forum.

However, according to Forbes, the 2019 MGM data breach could be much larger than initially reported, involving more than 142 million guests’ personal information. Details reportedly also included the personal information of government officials, celebrities, and other public figures. 

MGM initially reported that most of the exposed data did not contain sensitive information and was limited to guests’ names and contact details. However, it is unknown exactly how much sensitive information was exposed as MGM allegedly concealed the scope of the data breach and failed to contact most of the guests impacted. 

Sensitive Information Potentially Included in the Data Breach

Although MGM stated that only guests’ addresses and names were subject to the data breach, more sensitive information may have leaked, including:

  • Phone numbers
  • Dates of birth
  • Driver’s license numbers
  • Email addresses
  • Passport numbers
  • Military ID numbers

Unauthorized access to names and addresses can already lead to identity theft. However, the potential of birth dates and ID document numbers getting into the public domain is serious. Individuals whose private and confidential information is publicly accessible can become an easy target for scams and fraud. 

MGM Data Breach Lawsuits

To date, multiple lawsuits have been filed against MGM, including by Morgan & Morgan. Lawsuits allege that the data breach occurred due to the hotel chain’s lack of cyber security policies and protocols that should have been in place to protect consumers’ personal information.  

If you are a victim of the MGM data breach, you could have a legal claim for damages. Our data breach attorneys can advise you on your options. You could receive compensation for any time and expenses spent on dealing with the data breach, such as credit monitoring, credit freezes, and other activities.

What Your Personal Information Could Be Used For

The potential for having your identity stolen is perhaps the most significant threat when someone unauthorized gets hold of your personal information such as date of birth, address, and passport information. Criminals use identity theft to commit a variety of crimes such as money laundering and stealing bank accounts. Hackers can also sell your data to others on the dark web. Identity theft crimes can include, among others: 

  • Taking out loans in your name
  • Opening fake bank accounts 
  • Using your details to open up utility accounts 
  • Applying for credit cards in your name
  • Using your details to obtain government benefits
  • Filing fraudulent tax returns under your name
  • Using your health insurance to pay for medical care
  • Obtaining a driver’s license with your name but a different picture 
  • Pretending to be you when under police arrest

If you have been a victim of identity theft, you could spend years dealing with the consequences, such as a low credit rating and financial losses. 

Steps to Take if You Were Affected by the MGM Data Breach

Change Your Passwords

Changing passwords often is an excellent idea. However, changing all your passwords is essential when you are the victim of a data breach. If you think your personal data was stolen, you should change your logins and passwords as soon as possible. Pay particular attention to any bank or credit card accounts used to book stays at MGM properties. Your new passwords should be strong and unique. Consider getting a password manager program such as Dashlane or Last Pass, which automatically creates strong passwords and remembers them for you. 

Set Up Credit Monitoring

You can get one free credit report per year from the three major credit bureaus Equifax, Experian, and Transunion. The credit report allows you to check your credit score, credit history, and activity. If anyone fraudulently uses your details to obtain credit cards or loans, for example, this will show up on your credit report. Consider setting up credit monitoring to receive emails and alerts about any activities on your credit reports. You can set credit monitoring up for free through sites such as Credit Karma.  

Keep Detailed Records

Data breaches and identity theft are getting more and more common. However, if you were harmed by a data breach, you could have legal recourse. While not all data breaches lead to compensation for victims, keeping good records of your bank accounts, credit card statements, and other important documents can be advantageous. Ensure to keep any receipts and statements of expenses arising from dealing with a data breach. 

Stay Vigilant and Alert

Monitoring bank accounts and emails constantly can be tedious. However, these actions can go a long way to keep you safe and help you identify potential identity theft before criminals can do too much damage. Your home address, bank information, and Social Security number can be valuable for crooks. Never send sensitive information via email, if possible. If you travel frequently, consider creating a different email and phone number to use during travels, as this can help keep your primary information safe. 

Contact an Attorney for Help

If your personal data was exposed in the MGM data breach, you should seek legal advice to protect your rights and determine whether you qualify for compensation. Morgan & Morgan’s experienced data breach lawyers could help you if you are a victim of cybercrime due to the MGM data breach.  

You Could Qualify for Damages

Depending on the damages resulting from a data breach and identity theft, you could qualify for damages such as: 

  • Identity theft fraud financial losses
  • Expenses for credit reports, credit monitoring, or credit freezes
  • Compensation for your time dealing with the breach 

You could also seek other damages.

Scroll down for more

Get answers to commonly asked questions about our legal services and learn how we may assist you with your case.

MGM Data Breach FAQs

  • Which MGM Properties Were Affected by the Data Breach?

    There is still some uncertainty about which properties were affected. However, if you stayed at the following Las Vegas MGM properties pre-2020, your personal information may now be compromised: 

    • MGM Grand
    • Mandalay Bay
    • The Mirage
    • Circus Circus
    • Aria
    • Bellagio
    • Delano
    • Excalibur
    • Luxor
    • Park MGM (formerly Monte Carlo)
    • New York-New York 
    • Signature at MGM Grand
    • Vdara

    Other MGM properties potentially affected include: 

    • MGM Grand Detroit 
    • Beau Rivage Biloxi
    • Gold Strike Tunica 
    • Borgata Atlantic City
    • MGM National Harbor 
    • MGM Springfield 
  • How Do I Know Whether My Personal Information Was Stolen?

    You may have become aware of the MGM data breach in a news report or online article, leaving you wondering whether hackers accessed your personal details. Generally, companies affected by a data breach are responsible for alerting customers whose personal details may have been compromised or stolen. By now, you should have received a letter or email informing you of the MGM data breach. 

  • I Got the MGM Data Breach Letter; What Should I Do Now?

    If you received correspondence from MGM that your data was involved in the hacking incident, consider taking the following steps promptly:

    • Monitor your financial accounts and set up alerts
    • Ask one of the major credit bureaus (Experian, Equifax, or TransUnion) to add a fraud alert to your credit report
    • Check your credit report to identify any unusual activity
    • Change your online logins, passwords, and security questions
    • Report suspicious account activity immediately

    Stay alert for any signs that hackers have stolen your identity, such as receiving bills you do not recognize or unexpected withdrawals. Receiving a notice from the IRS that more than one tax return was filed under your name is another red flag pointing to identity theft. 

    You Could Receive a Settlement

    Since several lawsuits have already been filed regarding the MGM data breach, you could also be entitled to damages in an individual or class-action lawsuit, depending on your circumstances. You may have already received an official mailed notification of your eligibility to join a class-action lawsuit. If you think you are affected and do not know what to do, schedule a free consultation with our data breach legal team.

  • How Common Are Data Breaches?

    Data breaches are not only common, but they are increasing in frequency. Some of the companies affected by significant and damaging data breaches in the last few years include:

    • Facebook/Cambridge Analytica
    • Equifax Credit Company
    • Target 
    • Capital One
    • Home Depot
    • Yahoo
  • At What Point Should I Contact a Data Breach Lawyer for Advice?

    If you have received a letter or notification from MGM confirming that your personal information was compromised in a data breach, one of our data breach attorneys can help. We can advise you of your rights and answer any questions and concerns about the data breach. 

    If you incurred damages due to identity theft, our attorneys could help you recover compensation and hold MGM to account for failing to keep your data safe. A free consultation with us allows you to find out about your next best steps without any commitment or obligation on your part.

  • How Much Does a Data Breach Attorney Cost?

    Working with Morgan & Morgan is free unless and until we are successful at recovering compensation for you. Data breach lawsuits are frequently filed on a class-action basis, which means plaintiffs (those bringing the suit) have no upfront costs at all. Moreover, if we win, the attorney’s fees are either paid by the defendant or deducted from the final settlement. Either way, you do not pay a dime out of your own pocket when working with a data breach attorney at Morgan & Morgan.

  • Our Data Breach Attorneys Are Here for You

    When you take your custom to a hotel, casino, or other business, your personal information should be safe from cybercrime and identity theft. If a business used outdated software or failed to have appropriate safety procedures in place, and hackers accessed your personal details, you could have legal recourse. 

    Morgan & Morgan’s data breach lawyers are experienced litigators with a track record of holding negligent corporations to account. We are not afraid to go to trial to protect your rights as a customer and fight for what you deserve. To find out if you qualify for compensation from the MGM data breach, contact us today for free legal advice.

Scroll down for more Load More

How it works

It's easy to get started.
The Fee Is Free Unless You Win®.

Results may vary depending on your particular facts and legal circumstances.

  • Step 1

    your claim

    With a free case evaluation, submitting your case is easy with Morgan & Morgan.

  • Step 2

    We take

    Our dedicated team gets to work investigating your claim.

  • Step 3

    We fight
    for you

    If we take on the case, our team fights to get you the results you deserve.



Customer Story

“I was in a difficult situation when I was injured by a faulty product. I was hesitant to seek legal help but with the help of Morgan & Morgan, they made the process easy. They took immediate action and got me the compensation I deserved. I couldn't have done it without them. I highly recommend their services.” Estate of Patricia Allen v. RJ Reynolds, et al. | 2014

Client success
stories that inspire and drive change

Explore over 55,000 5-star reviews and 800 client testimonials to discover why people trust Morgan & Morgan.

Results may vary depending on your particular facts and legal circumstances. Based on Select nationwide reviews

  • Video thumbnail for 5l3q2e67j8
    Wistia video play button
  • Video thumbnail for yfe952tcop
    Wistia video play button
  • Video thumbnail for z1bqwg9hkl
    Wistia video play button
  • Video thumbnail for s5nb3hnvkv
    Wistia video play button
  • Video thumbnail for t4elibxene
    Wistia video play button
  • Video thumbnail for 5nr9efxqj3
    Wistia video play button
  • Video thumbnail for e8s1x6u5jp
    Wistia video play button