MGM Resorts International confirmed last week that hackers breached into its system and removed records of over 10 million guests. The company is now facing a lawsuit.

A big breach at MGM

According to MGM, hackers gained access to 10,683,188 records of their guests, which include government officials, celebrities, and convention-goers. The company notified the affected guests of the data breach last year but only confirmed the issue last week after the information was made public on an online hacker forum.

Now, a former MGM patron John Smallman is suing the company. He filed a compliant in the US District Court in Nevada on Friday, claiming that the company didn’t inform users of the breach on time. He notes that the hack occurred around July 7, 2019, but didn’t notify the guests till September 5, 2019.

The operator of Mirage, Bellagio, and numerous other high-end properties of the Las Vegas Strip likely wanted to avoid negative publicity at the time. It could have done so to avoid more issues after the Mandalay Bay mass shooting incident on October 1, 2017, that led to 800 injuries and 58 deaths.

New scandal for casino giant

ZDNet, talked about the plans of the hackers on February 19, suggesting that the data hackers gained access to, including personally identifiable information of guests. The casino giant hasn’t verified which properties were affected by the attack yet. However, it told ZDNet that payment information and passwords are likely safe. Other information like dates of birth, names, emails, phone numbers, and home addresses were compromised.

Smallman was a regular at Luxor properties for 10 years. He used his drivers’ license, debit and credit cards, etc. to make stay there and used his cards to make payments at Bellagio. His attorneys suggest that due to this hacking incident, their clients could be more vulnerable to identity theft and financial fraud in the future. They also suggest that he suffered an injury because his personally identifiable information was damaged and suffered a diminution in value and led to a loss of privacy.

Most players in the hospitality industry acquire considerable amounts of personally identifiable information because of which guests could be vulnerable should data be compromised. The largest data breach in the last decade was recorded at Marriott’s Starwood, where 383 million records were compromised. Hilton and Hyatt’s properties have also had to face cybercriminals.