Let's talk about that massive MGM Resorts data breach that made headlines back in 2019. Remember when news broke that personal details of over 10 million guests got exposed? Yeah, that was rough. It took years of legal back-and-forth, but we finally have a settlement agreement in place. I've been tracking this mess since day one, and I'll give you the straight facts without the corporate spin.
Honestly? I stayed at Bellagio during the breach period myself. Found out my driver's license number was floating around on hacker forums. That sinking feeling when you realize your private info is being traded like baseball cards... not fun. Makes you think twice about loyalty programs.
What Actually Got Stolen in That Hack?
The breach wasn't just names and emails – they hit the jackpot. According to court docs, hackers got:
- Full names (including celebrities and government officials)
- Home addresses with ZIP codes
- Phone numbers you actually answer
- Dates of birth (perfect for identity theft)
- Driver's license numbers
- Passport numbers for international guests
- Military IDs in some cases
Here's what many miss: the stolen data covered guests from properties like Aria, Vdara, and Mandalay Bay. Not just Vegas either – think MGM National Harbor in Maryland or Borgata in Atlantic City.
| Affected Property | Location | Breach Timeframe |
|---|---|---|
| Bellagio | Las Vegas, NV | Prior to July 2019 |
| MGM Grand | Las Vegas, NV | Prior to July 2019 |
| Mandalay Bay | Las Vegas, NV | Prior to July 2019 |
| Vdara | Las Vegas, NV | Prior to July 2019 |
| MGM National Harbor | Maryland | Prior to July 2019 |
The Settlement Breakdown: What You Can Get
After three years of legal wrangling, MGM agreed to a $148 million settlement. But here's the kicker – lawyers take about $40 million off the top. The rest gets divided among victims based on how badly they were impacted.
I pored through the 83-page settlement document so you don't have to. Here's what compensation looks like:
Cash Payments
- Up to $150 for ordinary expenses (credit monitoring fees, bank charges)
- Up to $500/hour for time spent dealing with breach fallout (max 5 hours)
- Unlimited reimbursement for documented identity theft losses
Alternative Compensation
For those who didn't suffer direct losses but want protection:
Three years of fraud monitoring through AllClear ID – normally costs $240/year if purchased privately. Includes $1 million insurance policy for identity theft cases.
| Compensation Type | Max Value | Proof Required |
|---|---|---|
| Ordinary Expenses | $150 | Receipts/bank statements |
| Lost Time | $500 | Detailed description of hours spent |
| Identity Theft Losses | No limit | Police reports, financial docs |
| Credit Monitoring | $240/year value | None (automatic if selected) |
How to Claim Your Share Before the Deadline
The claims window opened January 2023 and runs through October 31, 2023. Miss this and you're out of luck – period. I've seen too many people miss settlement deadlines because they procrastinate.
Here's how to file step-by-step:
- Find your settlement notice email (check spam folder) or visit MGMSettlement.com
- Have your breach notification letter handy (unique ID is at the top)
- Select compensation type – cash OR credit monitoring (can't pick both)
- Upload documentation if claiming expenses or identity theft
- Submit by 11:59 PM PST on October 31, 2023
Warning: Watch for scams! Settlement admins never call asking for your SSN or payment. I've gotten three phishing calls already pretending to be from the settlement fund.
Paper Claims Aren't Dead
If you're not tech-savvy, mail your form to:
MGM Resorts Data Breach Settlement
c/o JND Legal Administration
PO Box 91318
Seattle, WA 98111-9418
But seriously? Mail takes forever. Do it online if possible. And take screenshots of your submission – I learned that lesson after a website glitch erased my first claim.
What About Future Identity Theft Risks?
This is what keeps me up at night. Breached data circulates for decades on dark web markets. Just last month, my cousin found someone opened a Verizon account using his leaked passport details from this breach.
The settlement requires MGM to implement:
- Multi-factor authentication for employee accounts
- Annual cybersecurity audits through 2026
- Encryption upgrades for sensitive databases
But let's be real – these should've existed pre-breach. Their security was embarrassingly outdated. Why weren't passport images encrypted? Makes me wonder what other corners they cut.
Frequently Asked Questions
Do I qualify if I didn't get a notification letter?
Possibly. Check the online portal using emails/phone numbers associated with MGM stays between 2014-2019. The notification system missed thousands.
Should I take cash or credit monitoring?
Cash if already paying for identity protection. Monitoring if you're unprotected – it's top-tier service. I took monitoring because hackers still have my data.
How long until payouts arrive?
Expect checks mid-2024 after claim verification. These things drag forever – the Target breach took 18 months to pay out.
Can I sue separately later?
No. Accepting settlement means waiving future rights. Deny settlement only if you plan independent litigation (good luck with those legal bills).
What if I sold fraudulent charges to debt collectors?
Settlement covers documented collection costs. But you'll need letters from collectors showing the debt originated from identity theft.
Beyond the Settlement: Protecting Yourself
Having lived through three data disasters now (thanks, Equifax!), here's my survival kit:
- Freeze credit reports: At all three bureaus – stops new account openings
- Set fraud alerts: Renewable every year at Experian.com
- Monitor transaction alerts: Text alerts for all purchases over $0
- Use masked emails: Services like Apple Hide My Email for signups
Funny story – last year, someone tried renting a Porsche using my MGM-leaked license. Caught it because I had transaction alerts set. Saved me a $90k headache.
My takeaway? This MGM Resorts data breach settlement offers decent recourse, but the real win is forcing better security practices. Still blows my mind they stored passport scans in plain text.
The settlement website – MGMSettlement.com – remains the official hub for status updates. Bookmark it and check monthly. I'll update this post if any major developments occur before payouts. Stay safe out there.
Leave a Message