Lawsuits Filed Against Caesars Entertainment and MGM Resorts Alleging Failure To Protect Customer Data

LAS VEGAS – Five class-action lawsuits filed in Nevada District Court last week allege that Caesars Entertainment and MGM Resorts International failed to protect the personal identifiable information of loyalty program customers whose data may have been compromised during separate cyberattacks made public this month.

The lawsuits allege the companies knew or should have known the importance of safeguarding the personal information it held and that they failed to comply with Federal Trade Commission guidelines and industry standards. The plaintiffs allege they are now more vulnerable to identity theft.

The lawsuits come after Caesars Entertainment publicly detailed a social engineering cyberattack on the company in a Securities and Exchange Commission filing on Sept. 14. The company said a Sept. 7 investigation determined an attacker acquired a copy of the Caesars Rewards loyalty program database, which includes driver’s license and Social Security numbers.

Meanwhile, MGM Resorts, the state’s largest employer and the operator of 10 Strip resorts from the high-end Bellagio to the more family-friendly Excalibur has been working through a cyberattack launched Sept. 10 that kept systems offline for nine days.

Eastern European hacker gangs ALPHV and Scattered Spider have claimed responsibility for the attacks. Caesars reportedly paid a multimillion-dollar ransom to free its systems before much damage could be done, while it’s unclear if MGM considered paying a ransom. Notably, both companies are being sued despite their apparently different approaches to the separate attacks.

Credits: Review Journal