MGM, Caesars in Las Vegas Sued Over Inadequate Cyberattack Preparedness
Posted on: September 25, 2023, 06:14h.
Last updated on: October 9, 2023, 05:50h.
Five new lawsuits are seeking retribution from MGM Resorts International and Caesars Entertainment for failing to protect sensitive customer data during this month’s unprecedented Las Vegas casino cyberattacks.
The lawsuits filed late last week in Nevada District Court allege that the two largest gaming companies on the Strip were negligent for, among other things, not providing adequate cybersecurity measures and for failing to inform customers promptly that their information was compromised.
Individual rewards club members on Thursday filed four lawsuits seeking class-action status. (They were filed on behalf of all affected rewards club members.) Tony Owens and Emily Kirwan filed separate lawsuits against MGM, and Paul Garcia and Alexis Giuffre filed against Caesars. A fifth lawsuit was filed Friday against Caesars alone by plaintiffs Thomas and Laura McNicholas.
All five lawsuits allege negligence, breach of contract, and unjust enrichment. They all seek monetary damages — actual, statutory, and punitive damages, as well as restitution — in addition to jury trials.
Hackstabbed
The suits allege that MGM and Caesars knew, or should have known, the importance of safeguarding the sensitive information they required from their rewards club customers. The suit contends that their negligence violated Federal Trade Commission guidelines and industry standards.
Kirwan’s suit specifies that MGM “was aware that it was vulnerable to this type of attack because the IT vendor that it relied upon, Okta, had warned of “a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all multi-factor authentication factors enrolled by highly privileged users.”
The suits all contend that, as a result of their data being exposed, the victims will need to be vigilant and constantly monitor their financial accounts for the rest of their lives.
Hackstory
Hackers claim they stole six terabytes of sensitive information from both companies, much of which their victims believe is already available on the dark web. Identity thieves can download the data and use it to obtain loans and driver’s licenses and to file fraudulent tax returns and unemployment claims.
MGM’s September 10 cyberattack kept systems offline for nine days at its 10 casino resorts on the Strip. Caesars, which operates nine casino resorts, publicly detailed a similar social engineering cyberattack sometime before September 7 in a Securities and Exchange Commission filing on September 14. The company reportedly paid a $15 million ransom to free its systems as soon as possible.
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in a statement.
MGM, which is believed not to have paid a ransom, has made no statement about the exposure of its customers’ data.
Last week, Casino.org asked a leading cybersecurity expert which casino giant, MGM or Caesars, appears to have better managed their cyberattack.
Related News Articles
Las Vegas Casino Cyberattacks: A Timeline
Venetian Slot Outage NOT a Cyberattack, Las Vegas Casino Insists
MGM vs. Caesars: Cybersecurity Expert Rates Hacking Responses
Las Vegas Resorts Defeat Lawsuit Over Room Rate Collusion … For Now
Most Popular
FTC: Casino Resort Fees Must Be Included in Upfront Hotel Rates
Genovese Capo Sentenced for Illegal Gambling on Long Island
NBA Referees Expose Sports Betting Abuse Following Steve Kerr Meltdown
UPDATE: Former Resorts World & MGM Grand Prez Loses Gaming License
Most Commented
-
UPDATE: Whiskey Pete’s Casino Near Las Vegas Closes
December 20, 2024 — 30 Comments— -
Caesars Virginia in Danville Now Accepting Hotel Room Reservations
November 27, 2024 — 9 Comments— -
UPDATE: Former Resorts World & MGM Grand Prez Loses Gaming License
December 19, 2024 — 8 Comments— -
FTC: Casino Resort Fees Must Be Included in Upfront Hotel Rates
December 17, 2024 — 7 Comments—
No comments yet