The lawsuits were filed in the Nevada District Court, asserting that both companies did not sufficiently safeguard the personal identifiable information of their loyalty program customers from cyberattacks in September, potentially exposing them to identity theft risks.
On September 21, Las Vegas-based law firms, Stranct and Jennings and Garvey PLLC, and Florida-based Kopelowitz Ostrow Ferguson Weiselberg Gilbert initiated four lawsuits – two against Caesars and two against MGM.
Additionally, a fifth lawsuit was filed against Caesars on September 22 by the Reno-based O’Mara Law Firm and Chicago-based Barnow and Associates. These lawsuits represent plaintiffs from various states across the nation.
The lawsuits argue that the companies were aware of or should have recognised the significance of protecting the personal information they held, and that they failed to adhere to Federal Trade Commission guidelines and industry standards.
Victims suspect that their compromised data may have been sold on the dark web, underscoring the high value of personal identifiable information among cybercriminals.
All five lawsuits are seeking monetary damages for the affected victims, encompassing actual, statutory and punitive damages, along with restitution.
The demands extend to seeking any profits the companies may have obtained through utilising the compromised data and assurances that such breaches will be prevented in the future. The lawsuits allege negligence, breach of contract, and unjust enrichment and all are requesting a jury trial.
Caesars publicly disclosed a social engineering cyber attack in a Securities and Exchange Commission filing on 14 September. The company revealed that an attacker acquired a copy of the Caesars Rewards loyalty program database, which included driver’s licence and Social Security numbers, during the 7 September incident.
Meanwhile, MGM experienced a cyber attack on 11 September that led to the shutdown of some casino and hotel computer systems across the US.
