Posted by A class-action lawsuit has been filed against MGM for failing to protect its customers’ personal information. The lawsuit alleges that the company failed to implement reasonable data security practices, allowing the personal information of 10.6 million guests to be exposed to hackers on the dark web. A settlement is likely in the future, but for now, the company is paying out free credit monitoring to impacted customers. The plaintiff claims that these practices are not enough to protect their privacy and that they will now face years of increased risk of identity theft.
Class action lawsuit seeks damages exceeding $5 million
A class action lawsuit has been filed in Nevada District Court claiming that MGM Resorts is responsible for a security breach that exposed the personal information of 10 million people. The security breach was discovered last summer, and the casino chain has since notified affected guests. While there is no concrete evidence that MGM intentionally kept the breach under wraps, the company says it intended to keep it hidden from the public in hopes that the security flaws would go unnoticed.
The plaintiffs’ arguments regarding the damages, in this case, were rejected by the court. In the end, the judge ruled that the failures of DSG did not amount to “positive action” under the law. Rather, the plaintiffs were unable to demonstrate that the breach caused them harm, but they failed to prove that they suffered pecuniary and moral damages because of the breach.
Alleges that MGM failed to implement reasonable data security practices
The complaint against MGM focuses on the company’s failure to implement adequate security practices and to disclose that it had inadequate computer systems and security practices. It seeks to certify a nationwide class of all individuals whose personal information was compromised by the Data Breach. Additionally, the complaint seeks to obtain damages and a mandatory injunction ordering MGM to implement improved data security practices. If the allegations prove true, the lawsuit will have a significant effect on the industry and its customers.
The complaint details how a cloud server hosted by MGM Resorts International was breached over the summer, exposing the personal information of 10.6 million guests. This information was accessed by hackers who attempted to sell the data. While the hacker has not been identified, it is believed that the data he stole belonged to a third party. MGM has denied the allegations, but a settlement could be in the works.
Exposed personal information of 10.6 million guests
This week, the personal information of at least 10.6 million MGM Resorts guests was leaked on a hacking forum. The data included home addresses, email addresses, and even passport numbers. Many high-profile celebrities and tech company CEOs were among those affected. Even Justin Bieber’s name was listed. MGM says the information was accessed illegally. But it is still unclear whether or not payment information was exposed.
The lawsuit claims that MGM Resorts International failed to implement proper cyber security procedures after a cloud server was compromised. According to the lawsuit, the company failed to delete or aggregate sensitive information and then aggregated it onto a cloud server. MGM has not yet responded to the lawsuit, but it has already agreed to pay a $250,000 settlement. This money is intended to compensate victims.
Leaked to hackers on the dark web
Last year, MGM Resorts discovered that unauthorized access to a cloud server had been made possible. This breach had been detected by a data leak monitoring service. This information included a small amount of guest information, but this week, that same information was leaked to a hacking forum. The hacker is believed to have ties to the group GnosticPlayers, which has posted more than one billion records to hacking forums in recent years. MGM Resorts were able to match up leaked guest information to the database to prove that its guests were affected by the breach.
The hacker has stolen the database of 142 million MGM guests. The hackers gained access to the computer network through a smart thermostat installed in a fish tank. The hackers have now taken the data and placed it on the dark web. While this may sound like a nefarious act, it does point to the importance of decentralization in cybersecurity. While MGM has shut down this particular hack, it is encouraging people to get in touch if their details were included in the data breach.
Steps to take after a data breach
After a massive data breach, you may be wondering how to protect your identity. The good news is that there are a variety of steps you can take to protect your identity. The first step is to freeze your credit. You must contact the three major credit bureaus to request that they unfreeze your credit. Once your credit has been frozen, you must unfreeze it before you apply for new credit products. If you’re unsure about how to do that, here are five steps you should take:
Change passwords. This might seem like a no-brainer, but it’s crucial to change all of your passwords after a data breach. In particular, you should change the ones for your MGM accounts. You should also create new ones that are unique and strong. To make the process easier, use a password manager program. You’ll be surprised at how many different combinations you can generate.