MGM And Caesars Face Class-Action Lawsuits on Data Protection Failure Allegations

The stream of unpleasant events continues for two top tier gaming and entertainment operators. Having restored their online operations after separate cyberattacks, Caesars Entertainment and MGM Resorts International are now reportedly facing lawsuits for the alleged failure to protect personal data of loyalty program customers during the recent hacker activities.

Five Lawsuits Filed:

As Las Vegas Review-Journal (LVRJ) reports, a total of five class-action lawsuits were filed in Nevada District Court last week. The two Las Vegas-based gaming giants have been sued for the alleged failure to protect personal information of loyalty program customers as such data might have been compromised during the recent attacks.

Three Lawsuits Against Caesars, Two Against MGM:

According to LVRJ, four lawsuits – two against Caesars and two against MGM – were filed by the Las Vegas-based law firms Stranch, Jennings and Garvey PLLC, and Florida-based Kopelowitz Ostrow Ferguson Weiselberg Gilbert on September 21, 2023, with the fifth lawsuit filed on September 22 against Caesars by Reno-based O’Mara Law Firm and Chicago-based Barnow and Associates.The law firms filed class-action lawsuits as they reportedly represent plaintiffs being loyalty program customers from various states.


As reported, Stranch represents Alexis Giuffre, a two-year Caesars Rewards member from Illinois, and Paul Garcia, a 12-year member of Caesars Rewards from Denver in the two lawsuits against Caesars.  In the two lawsuits against MGM, law firm Kopelowitz Ostrow Ferguson Weiselberg Gilbert reportedly represents the plaintiffs Emily Kirwan from Lousiana and Tonya Owens from Mississippi. The fifth lawsuit was filed by the O’Mara Law Firm representing Illinois residents Thomas and Laura McNicholas, according to LVRJ.

Alleged Failure to Protect Data:

MGM reportedly said that its computer systems are now operating normally. Slot machines and paid parking system has fully restored operations but the four law firms in the class-action lawsuits reportedly allege that the companies failed to ensure personal data protection thus violating the Federal Trade Commission instructions and standards and exposing the plaintiff data to issues like identity thefts.

Loyalty Program Database Compromised:

The class-action comes after the Caesars investigation of the September 7 cyberattack revealed that the intruder had acquired a copy of the Caesars Rewards loyalty program database, as reported by LVRJ. On the other hand, MGM faced the attack on September 10 to keep the system offline for nine days, according to the source.

Eastern European Gangs Claim Responsibility for the Attacks:

The same source reports that the Eastern European hacker gangs ALPHV and Scattered Spider have accepted responsibility for the attacks. There have been reports that Caesars paid multi-million ransom money to restore operations, while MGM reportedly remained silent about any ransom payment considerations over the public comment period. The source also notes that both companies are being sued although they differently handled these separate attacks.