MGM Resorts Data Breach Settlement: What You Need to Know

In September 2023, MGM Resorts, a global leader in hospitality, faced a significant cybersecurity crisis. A ransomware attack by the ALPHAHV/Black Cat group disrupted operations across 30 properties, impacting an estimated 37 million customers. The breach lasted nine days, leaving guests unable to access their rooms, use slot machines, ATMs, or check-in systems. Hackers infiltrated MGM’s systems by manipulating an IT employee, leading to the theft of personal data later sold on the Dark Web.

MGM’s decision not to pay the ransom was a bold stance against cybercriminals, but it left customers exposed. The fallout resulted in class action lawsuits, combined with claims from a similar 2019 breach. In January 2025, MGM agreed to a $45 million settlement, with a final hearing set for June 18, 2025.

Who Is Eligible for Compensation?
If you stayed at an MGM property before the breaches and believe your data was compromised, you may qualify for compensation. MGM began notifying confirmed victims in 2024, sending letters with personalized IDs and PINs to simplify the claims process. The deadline to file is June 3, 2025.

Payouts vary based on the type of data breached:
– $15,000 for those who can prove substantial financial losses.
– $75 for individuals whose Social Security or military identification numbers were stolen.
– $50 for those with exposed passport numbers or driver’s licenses.
– $20 for individuals whose names, addresses, or birthdates were compromised.

Additionally, all settlement class members are eligible for one year of free identity theft protection and credit monitoring, a critical safeguard in today’s digital landscape.

The Human Impact of the Breach
The MGM breach underscores the vulnerabilities in our digital world. For millions, the attack was more than an inconvenience—it was a violation of privacy. Stolen personal data can lead to identity theft, financial fraud, and other malicious activities. While the settlement offers some relief, the emotional and financial toll on victims remains significant.

Chase DiBenedetto, a Social Good Reporter at Mashable, highlighted the broader implications of the breach. Known for her coverage of digital activism, climate justice, and media representation, DiBenedetto’s work emphasizes the human side of cybersecurity and the importance of protecting personal data in an increasingly connected world.

Lessons Learned and Moving Forward
The MGM breach is one of the largest in the hospitality industry, serving as a wake-up call for businesses to prioritize cybersecurity. As technology advances, so do the tactics of cybercriminals. Companies must invest in robust security measures and employee training to prevent future attacks.

For victims, the settlement provides an opportunity to recover some losses, but it also serves as a reminder to stay vigilant. Regularly monitoring credit reports, enabling two-factor authentication, and using identity theft protection services are essential steps to safeguard personal information.

In the end, the MGM data breach is more than a corporate crisis—it’s a story about trust, resilience, and the ongoing battle to protect our digital lives. If you believe you were affected, don’t wait. File your claim before the June 3, 2025 deadline and take advantage of the resources available to you.

Stay informed, stay protected, and remember: in the digital age, your data is your most valuable asset.