When Hackers Hit the Jackpot: MGM’s $45 Million Settlement

Imagine this: You’re sipping a cocktail at the Bellagio, enjoying the high life, only to find out your personal data has been auctioned off on the dark web. That’s the reality for 37 million MGM Resorts customers after two devastating cyberattacks in 2019 and 2023. Now, MGM is coughing up a whopping $45 million to settle the fallout. But is it enough?

The Breaches That Shook Vegas

In 2019, hackers infiltrated MGM’s systems, stealing millions of customer names, addresses, phone numbers, and more. The company confirmed the breach in 2020 after the stolen data was dumped on a cybercrime forum. But MGM didn’t learn its lesson. Fast forward to 2023, and the company was hit again—this time with a ransomware attack that crippled its operations for weeks. The hackers walked away with Social Security numbers, passport details, and a $100 million dent in MGM’s wallet.

“These breaches are a wake-up call for the hospitality industry. Cybersecurity isn’t optional—it’s essential.”

Cybersecurity Expert, The Record

The $45 Million Question

MGM’s settlement, approved on January 21, 2025, will see victims receive up to $75 each, depending on the type of data stolen. But here’s the kicker: 30% of the settlement fund will go straight to attorney fees. That’s $13.5 million for lawyers, leaving the victims with crumbs. MGM has remained tight-lipped about the exact number of affected individuals, and spokesperson Brian Ahern didn’t respond to requests for comment. Classic Vegas silence.

What’s Next for MGM?

With a federal court ruling on the settlement scheduled for June 18, 2025, MGM is hoping to put this nightmare behind them. But for the millions of customers whose data was stolen, the damage is done. The question remains: Will MGM finally step up its cybersecurity game, or will hackers strike again?

• 2019 Breach: Millions of customer records stolen, including names, addresses, and phone numbers.
• 2023 Breach: Ransomware attack disrupts operations, steals Social Security and passport numbers.
• $45M Settlement: Victims get up to $75 each, while lawyers pocket $13.5 million.

This isn’t just a story about a company paying for its mistakes. It’s a wake-up call for every business handling sensitive data. Cybersecurity isn’t a luxury—it’s a necessity. And for MGM, the stakes have never been higher.