MGM Data Breach Settlement: Facts and Payout Details
MGM Resorts International faced massive legal consequences after two severe corporate cyberattacks. These digital intrusions exposed the private records of roughly 37 million loyal customers.
Affected individuals quickly filed multiple legal complaints demanding total accountability from the company. This massive legal dispute eventually resulted in a $45 million class action settlement for American victims.
Canadian victims also received a completely separate CAD $4 million financial agreement. Eligible class members must understand exactly how the claims process works to secure their payouts.
Two Massive Cybersecurity Incidents
The 2019 Network Infiltration
MGM Resorts International first suffered a serious data theft incident in July 2019. Malicious actors successfully bypassed external firewalls to access a cloud server.
This specific digital intrusion compromised a massive phonebook directory. The stolen directory contained contact details for millions of past hotel guests.
Security teams eventually secured the compromised cloud server. However, the digital hackers had already copied the sensitive information completely.
The 2023 Ransomware Shutdown
A second cyberattack occurred in September 2023. A cybercriminal group known as ALPHV/BlackCat claimed responsibility for this massive incident.
They used sophisticated social engineering tactics to breach the corporate network. This aggressive ransomware attack forced the company to shut down critical computer systems.
The digital lockdown disabled hotel room keys, reservation networks, and casino gaming machines. The company lost an estimated $100 million during this prolonged shutdown.
Impact on Hotel Guests and Gamblers
The system shutdown caused massive chaos across the famous Las Vegas Strip. Guests could not check into their rooms or pay for meals easily.
Casino floors sat completely empty while technicians tried to restore the digital infrastructure. The public quickly realized their personal information was highly vulnerable.
This incident destroyed consumer trust in the famous hospitality brand. The fallout highlighted the extreme vulnerabilities of modern digital hotel operations.
The Exposed Customer Data
Theft of Identification Documents
The attackers successfully stole a massive variety of personal identification documents. They exposed passports, state IDs, and drivers license data.
They also compromised highly sensitive military identification records. Criminals frequently use this information to commit severe identity fraud online.
They will try to get your driver’s license number to open fake banking accounts. They can easily find the specific identification number on driver’s license documents.
Risks Associated with Social Security Numbers
Many people still have an old social security number on driver’s license cards. This older format makes identity theft incredibly simple for hackers.
You must always protect your driver’s license number from online scammers. The hackers also acquired basic contact details during both attacks.
This information included your name address, email accounts, and dates of birth. They can easily use these details to launch targeted phishing emails.
Targeted Phishing Campaigns
Scammers use phishing emails to trick you into authorizing a payment license. They might demand a payment for driver’s license renewals using fake websites.
Always verify the source before completing any drivers license payment online. Identity thieves will even perform a drivers license lookup by social security number.
They try to connect your social security number driver’s license to your banking profile. This connection gives them full access to your retirement savings.
Millions of Customers Affected
The combined cyberattacks affected roughly 37 million unique customers. This massive scale makes it one of the largest hospitality data breaches ever recorded.
The digital exposure included domestic customers and thousands of international tourists. Hackers stole international passports and driver license international equivalents.
If you have international license documents, you are still at massive risk. The criminals will aggressively use the international driver’s license number for foreign scams.
This specific situation is similar to the keenan associates data breach settlement. Huge databases of personal information are prime targets for organized digital crime syndicates.
Therefore, massive corporations must constantly upgrade their network security walls.
The United States Class Action Lawsuits
Consolidation in Nevada Federal Court
Affected consumers quickly filed multiple legal complaints after the 2023 system shutdown. The courts combined these individual lawsuits into one massive federal action.
The official legal case currently resides in the U.S. District Court of Nevada. Consolidating the cases speeds up the legal process for all participating parties.
A single unified case presents a much higher financial risk to the corporation. The company hired expensive legal defense teams to handle the litigation.
Accusations Against MGM Resorts International
The plaintiffs accused the hospitality company of extreme corporate negligence. They claimed the business failed to implement standard data security practices.
The legal filings pointed out a lack of basic employee cybersecurity training. Lawyers argued that hackers easily bypassed internal systems using simple phone calls.
The plaintiffs stated this failure directly caused their personal distress and financial harm. They demanded full accountability from the corporate executive board.
The $45 Million Financial Resolution
The hospitality company strongly denied all allegations and admitted no legal wrongdoing. The business claimed its internal security measures met basic legal requirements.
However, avoiding a lengthy public trial remained a top corporate priority. Both legal sides agreed to enter private mediation sessions to resolve the dispute.
The company eventually agreed to a massive $45 million class action settlement. The court granted final approval for this U.S. settlement on June 18, 2025.
Breakdown of the US Compensation Tiers
Tier 1: Social Security and Military IDs
The legal agreement created three specific payment tiers for affected consumers. Tier 1 is entirely reserved for the most severe data exposures.
This tier includes individuals whose Social Security numbers or military IDs were stolen. Approved Tier 1 claimants receive an estimated $75 flat cash payment.
If you fall into this category, your personal fraud risk is incredibly high. You must monitor your financial records constantly to stop criminals.
Tier 2: Passports and Driver’s Licenses
Tier 2 covers individuals who lost other forms of government identification. This specific group includes a compromised passport or a stolen driver license number.
Approved Tier 2 claimants receive an estimated $50 flat cash payment. You should immediately replace your physical ID if your license was exposed.
Check the number for the driver’s license and report it as stolen. Criminals use the specific number driver records to create fake physical documents.
Sometimes, they use the driver’s license telephone number field to trick telecom companies. They call the telephone number for driver’s license verification and redirect your texts. Protect your license info aggressively.
Tier 3: Basic Contact Information
Tier 3 is specifically for customers whose basic contact information was exposed. This includes your name address, email account, and exact date of birth.
Approved Tier 3 claimants receive an estimated $20 flat cash payment. This payout requires absolutely no supporting financial documentation from victims.
You only need to submit a basic online claim form accurately. All tier payouts are subject to standard mathematical pro-rata adjustments.
Claiming Out-of-Pocket Expense Losses
The $15,000 Maximum Reimbursement Limit
Class members can claim direct reimbursement for documented out-of-pocket financial losses. The settlement allows a maximum payout of exactly $15,000 per person.
This financial limit is much higher than standard data privacy settlements. This option covers direct financial losses caused directly by the cyberattacks.
Eligible expenses include stolen bank funds and unauthorized credit card charges. You can also successfully claim costs for professional credit repair agencies.
Providing Proper Documentation
Filing a successful expense claim requires clear physical or digital proof. You must submit official bank statements showing unauthorized financial charges.
You must provide clear receipts for any professional identity theft services. The administrator will automatically reject claims lacking proper financial evidence.
Therefore, carefully organizing your financial paperwork is absolutely necessary. This requirement matches the rules seen in the nations direct mortgage data breach class action settlement.
Mathematical Pro Rata Adjustments
The total settlement fund has a very strict hard financial cap. Therefore, massive victim participation rates often lower the final individual payouts.
The administrator calculates exact payout amounts after tallying all approved claims. This process ensures the total distribution never exceeds the agreed cap.
A high volume of claims will trigger a proportional payment reduction for everyone. This mathematical adjustment is standard practice in massive federal court agreements.
Identity Protection Services
Free Financial Account Monitoring
The agreement offers valuable identity protection benefits to all victims. Every valid claimant automatically receives one year of free financial account monitoring.
You must submit an official claim form to trigger this specific benefit. This service scans the dark web for your private personal information.
It sends an alert if someone tries to use your stolen details. Enrollment emails for this service were sent starting December 16, 2025.
Checking Your Fraud Insurance Policy
The provided monitoring service includes dedicated identity theft insurance. This specific policy provides $1 million in fraud insurance coverage.
This money covers legal fees if criminals steal your personal identity. You can use this insurance to hire lawyers to restore your credit profile.
This protection provides massive peace of mind for anxious victims. Identity restoration services remain available for seven years after the settlement.
Identifying Suspicious Account Behavior
You must remain extremely vigilant against ongoing digital fraud attempts. Check your personal bank accounts and credit cards every single week.
Look for small unauthorized charges that might indicate a hacker testing your card. Set up automatic text alerts for every bank transaction on your account.
These instant notifications help you spot fraudulent activity right away. Report any unauthorized behavior to your financial institution immediately.
The Canadian Data Breach Settlement
Separate Lawsuits for Canadian Residents
The massive data breach also affected large numbers of Canadian tourists. Canadian victims filed entirely separate class action lawsuits in their home country.
Lawsuits appeared quickly in British Columbia and Quebec provincial courts. These cases sought compensatory damages for the stolen personal information.
The hospitality company agreed to a completely separate financial resolution for these cases. Consolidating cross-border legal cases is incredibly difficult for corporations.
The CAD $4 Million Settlement Fund
The company agreed to establish a CAD $4,000,000 settlement fund for Canada. This specific money resolves all pending Canadian class action claims completely.
The Canadian courts scheduled final approval hearings for May 2026. This fund directly covers victim payouts, administrative costs, and class counsel fees.
Class members in Canada use a different official website for their claims. The Canadian claim process mirrors the U.S. system very closely.
Compensation for Substantiated Losses
Canadian victims can claim up to CAD $20,000 for substantiated financial losses. They must provide clear supporting documentation to prove these direct losses.
They can also claim smaller amounts for unsubstantiated financial losses. Unsubstantiated claims do not require direct physical receipts or bank statements.
Like the U.S. agreement, all Canadian payments face pro-rata adjustments. The administrator ensures fair distribution based on total fund availability.
Important Legal Deadlines and Payouts
Missing the Claim Form Cutoffs
Consumers must stay actively informed about all upcoming court deadlines. The final deadline to submit a U.S. claim form was June 3, 2025.
You must file your paperwork online or postmark it by this date. The strict deadline to opt out or object was May 19, 2025.
The administrator rejects all late paperwork automatically without any exceptions. Missing this critical window means losing all rights to financial compensation.
Final Approval from Judge Gloria Navarro
The federal court followed a strict timeline for the legal process. Judge Gloria M. Navarro presided over the final approval hearing.
This critical hearing occurred on June 18, 2025, in Nevada. The judge determined the massive financial agreement was completely fair.
She officially granted final legal approval to the class action settlement. This decision authorized the administrator to begin processing the payments.
Digital Disbursements and Paper Checks
Approved cash payments were officially sent out on December 12, 2025. The administrator offered multiple digital disbursement options for victims.
Claimants could choose Venmo, PayPal, direct deposit, or a prepaid Mastercard. They also offered traditional paper checks sent through the postal service.
Digital options generally arrived much faster than physical paper checks. You must cash your physical checks before their printed expiration date.
Frequently Asked Questions
How Many Customers Were Affected?
The combined cyberattacks affected roughly 37 million customers worldwide. The first incident occurred in 2019, while a massive ransomware attack hit in 2023. This scale makes it one of the largest breaches in history.
What If Hackers Have My License Information?
Hackers often steal your driver no, drivers license no, or identification no. You should immediately place a security freeze on your primary credit files. The recent sur la table data breach settlement proved that stolen IDs lead to permanent identity theft.
When Were the Payments Sent?
The official settlement administrator distributed approved cash payments on December 12, 2025. They used the specific payment method you selected on your claim form. Uncashed physical checks will eventually become completely void.
Final Takeaways
The MGM Resorts data security incidents caused massive disruptions across the entire hospitality industry. The company suffered two severe network intrusions that exposed millions of private customer records. This massive corporate failure led to a $45 million legal agreement for American victims.
Canadian victims also secured a completely separate CAD $4 million compensation fund. The administrator distributed the final approved U.S. cash payments in December 2025. This cyberattack highlights the extreme vulnerability of massive corporate digital networks today.
Hackers constantly target massive databases to steal personal identification documents. Consumers must take aggressive proactive steps to monitor their financial accounts constantly. Setting up strict credit freezes is the absolute best defense against ongoing digital fraud.
