MGM Resorts International has agreed to a $45 million class action settlement after two significant data breaches compromised sensitive customer information. While the company denies any wrongdoing, the settlement ends ongoing legal proceedings and offers financial relief to those impacted.
Background on MGM Resorts and the Data Breach
Founded in 1986 and headquartered in Las Vegas, MGM Resorts International is a major player in hospitality, casino operations, and digital gaming through its BetMGM brand. The company operates notable Las Vegas properties like the Bellagio, MGM Grand, and Mandalay Bay.
Two separate data incidents — one in July 2019 and another in September 2023 — exposed a wide range of private information. Hackers gained unauthorized access to:
- Social Security numbers
- Driver’s license numbers
- Names and home addresses
- Military identification numbers
- Dates of birth
- Email addresses
- Passport numbers
- Telephone numbers
These breaches led to the current class action lawsuit and eventual settlement.
Settlement Details and Eligibility
MGM has agreed to pay $45 million to resolve the lawsuit. To qualify for compensation, individuals must meet the following criteria:
- Reside in the United States
- Have had personally identifiable information exposed during one or both of the breaches
- Have received a data breach notice from MGM Resorts International or the settlement administrator
Compensation Options for Class Members
There are two types of financial relief available: flat cash payments and documented reimbursement for financial losses.
Cash Payment Tiers
| Tier | Data Exposed | Estimated Payment |
|---|---|---|
| 1 | Social Security or Military ID numbers | $75 |
| 2 | Driver’s license numbers | $50 |
| 3 | Name, address, or date of birth only | $20 |
Documented Loss Reimbursement
Eligible individuals may claim up to $15,000 in reimbursement for verified financial losses resulting from the breaches. Qualifying expenses include:
- Credit monitoring services
- Identity theft losses
- Credit freeze or unfreeze costs
- Postage, copying, or notary fees
- Mileage or long-distance phone charges
All claims for reimbursement must be supported by documentation, such as receipts, bank statements, or credit card records.
Free Credit Monitoring
In addition to cash payouts, one year of financial account monitoring is offered to impacted individuals.
How to Submit a Claim
Claimants must fill out a claim form and submit it online or by mail.
- Deadline to file a claim: June 3, 2025
- Objection/exclusion deadline: May 19, 2025
- Final approval hearing: June 18, 2025
No documentation is required for the flat cash tiers, but any reimbursement request for up to $15,000 must include proof of expenses.
Visit Top Class Actions for detailed claim instructions and to access the online submission portal.
Why This Settlement Matters
This settlement underscores the growing legal and financial consequences companies face when failing to secure customer data. With millions of consumers affected by cyberattacks each year, settlements like this offer a form of restitution and highlight the importance of corporate data protection.
While MGM admits no liability, the payout reflects a recognition of the inconvenience and potential harm caused by these security lapses.
FAQs
Who qualifies for the MGM data breach settlement?
U.S. residents whose personal data was compromised in the 2019 or 2023 breaches and who received an official notice.
What is the maximum compensation available?
Up to $15,000 for documented losses or a flat cash payment ranging from $20 to $75 depending on data exposed.
What if I missed the objection or exclusion deadline?
If you didn’t act by May 19, 2025, you’re bound by the terms of the settlement and cannot pursue separate legal action.