There are, in all, five legal cases that have been filed against MGM Resorts International and Caesars Entertainment for not being capable of safeguarding critical customer data. This was the period when Las Vegas casinos became the victims of several cyber threats.
The legal cases filed in Nevada District Court mention that both the biggest gaming organizations on the Strip could not take adequate measures to protect themselves from cyber attacks due to a lack of sufficient cyber safety methods. The legal document added that the companies did not bother to update their customers on the unfortunate events.
It was separate rewards club members who filed the four legal notices requesting adequate judgment. Emily Kirwan and Tony Owens, who filed the lawsuit against MGM, are listed, as are Alexis Giuffre and Paul Garcia, who sued Caesars. Thomas and Laura McNicholas filed a second lawsuit specifically against Caesars.
In all five legal lawsuits filed, there was mention of inadequacy and breach of contract. All the plaintiffs are looking for compensation for causing financial harm, along with statutory and punitive harm. Included is the request for a jury trial.
The lawsuits speak of the companies’ complete inadequacy in properly protecting the critical data that was needed by the customers of their reward club, negatively impacting the regulations laid down by the concerned authorities.
In the case of Kirwan’s lawsuit, it clearly mentions that MGM knew what it was coming in for, thanks to Okta, an IT vendor that MGM depended upon and who had predicted just such an occurrence. Okta had also discussed the hacker’s mode of operation, which consisted of having the service center executive restart all multi-factor authentication for prime users.
All the lawsuits mention the fact that with the revelation of the data, all of the victims will have the added task of continuously keeping track of their financial status for as long as they live.
Hackers declared that they had siphoned off six terabytes of critical information from MGM and Caesars. They also mentioned that most of the data currently exists on the dark web. In this scenario, hackers have the option of downloading the data and utilizing it to get loans, driver’s licenses, file falsified tax returns, and lay claims for unemployment.
The cyber attack that took place with MGM on the 10th of September, 2023, ensured all systems remained offline for a period of nine days in all of MGM’s ten casino resorts on the strip. Caesars is known to run nine casino resorts and spoke about the same sort of cyber attack in the recent past when it filed a legal case with the SEC. The company apparently landed up paying the amount of $15 million as ransom. Presently, they are in the process of eliminating the stolen data.