MGM Resorts and Caesars Entertainment are both facing class-action lawsuits from customers who allege that the companies failed to protect their personal data following recent cyberattacks. [Image: Shutterstock.com]

Additional headaches

The woes continue for MGM Resorts International and Caesars Entertainment following recent cyberattacks. Both casino companies have been in the firing line after their respective system breaches and they are now facing class action lawsuits for failing to protect the data of their customers.

plaintiffs allege MGM and Caesars didn’t keep identifiable information secure

Five class action lawsuits were filed last week in the Nevada District Court. The plaintiffs allege MGM and Caesars didn’t keep identifiable information secure for people who were a part of loyalty programs.

A Las Vegas law firm and a Florida law firm filed a total of four lawsuits on Thursday, with a Chicago-based practice co-filing a lawsuit on Friday with a firm in Reno. The plaintiffs live in various US states.

Lacking proper protection

The complaints claim that the casino firms should have been aware of how important it is to properly protect private customer data. According to the plaintiffs, Caesars and MGM were not compliant with industry standards and guidelines from the Federal Trade Commission.

MGM was losing out on up to $8.4m in revenue every day that the cyberattack continued, according to certain industry analysts. The total cost of the hack is unconfirmed.

MGM specifically received numerous warnings from its IT vendor Okta regarding attempted social engineering attacks. The impacted parties believe that they are now more susceptible to falling foul of identity theft following the leaks.

A disruptive period

Both MGM and Caesars fell victim to social engineering cyberattacks by ALPHV, a Russian hacking group. Caesars kept its issue quiet until submitting a filing to the Securities and Exchange Commission on September 14 regarding the hack.

the hackers were able to access a copy of its loyalty program database

Caesars found that the hackers were able to access a copy of its loyalty program database, which included Social Security numbers and driver’s license information. Caesars reportedly paid a ransom of $15m after an initial request of $30m from the hackers. In doing so, the company avoided losing control of any of its systems.

MGM’s experience was totally different, with the computer systems at its Las Vegas properties shut down for more than a week as a result of its cyberattack by ALPHV. This led to glitchy slot machines, people not being able to access hotel rooms, and malfunctioning payments.

MGM’s computer systems are now back to normal, including all slot machines and paid parking at its Las Vegas properties. The Las Vegas Review-Journal reported that the check-in lines for rooms at the MGM-owned Bellagio and Mandalay properties remained long on Monday afternoon. It is unknown if MGM paid any ransom to the attackers.