A major US hotel chain is set to pay a $45 million settlement to numerous customers impacted by two significant data breaches. MGM Resorts International has agreed to the settlement following breaches affecting around 37 million individuals in July 2019 and September 2023. The 2019 breach exposed sensitive information such as names, addresses, phone numbers, and dates of birth, leading to concerns about identity theft. The 2023 breach also resulted in the exposure of personal data and caused disruptions at the hotels, including malfunctions in digital room keys, ATMs, slot machines, and check-in systems. The settlement, which resolves a class-action lawsuit led by Tonya Owens in the US District Court of Nevada, allows eligible members to claim up to $15,000 for documented losses or receive tiered cash payments of $75, $50, or $20 based on the type of compromised data, in addition to one year of financial monitoring. MGM has agreed to the settlement without acknowledging fault. Claims must be submitted by June 3, 2025, with opt-out or objection deadlines set for May 19, 2025.
