© Reuters.
MGM Resorts International (NYSE:) has been named in a class action lawsuit following a significant data breach that exposed its customers’ personal information and disrupted operations for ten days. The suit, filed on Friday, September 22, 2023, alleges negligence on the part of MGM for failing to maintain adequate measures to prevent unauthorized disclosure of customers’ data.
The cyberattack began on September 7, 2023, when hackers impersonated an IT admin and gained access credentials. The attack led to a lockdown of MGM’s network, preventing resort guests from using their electronic room cards, Wi-Fi, ATM kiosks, electronic gaming devices, and other resort services. Two cybercriminal organizations, “The Scatter Spider” and ALPHV, have claimed responsibility for the attack.
The class action was brought forward by Emily Kirwan on behalf of herself and other members of MGM’s loyalty program affected by the cyberattack. According to the lawsuit, MGM exposed full names, dates of birth, addresses, email addresses, phone numbers, Social Security numbers, and/or driver’s license numbers due to negligence and failure to follow “adequate and reasonable” procedures and policies regarding the encryption of data.
In addition to the data breach, MGM’s operations were severely impacted. The company’s reservation systems were compromised which led to long lines in most of the lobbies at MGM properties as employees had to do much of the work manually. Normal operations were reinstated after a ten-day computer shutdown.
On Monday last week (September 18), MGM announced it had managed to get most of its computers back online after suffering a ransomware cyberattack. However, there are many unknown factors about the cyberattack that pose significant risks to investors. Analysts have estimated daily losses in revenue but increased costs have not yet been reported. The liability in the data loss is unknown, and the terms and amount of insurance coverage for cyberattacks are also unknown.
MGM Resorts International does have an impressive recent record of buybacks, reducing the share count from nearly 500 million to just over 350 million over the last three years. However, the tangible book value of MGM is -$6.65 per share, and they’re carrying more than $19 of debt per share. Their earnings history is not impressive, showing a general upward trend but nothing significant, and that’s before factoring in the current situation.
The company has yet to estimate the increased labor costs incurred due to the cyberattack. However, MGM Resorts International does maintain insurance against cyberattacks according to their most recent 10-K filing. The extent of their coverage remains unknown at this time.
The class action suit follows another similar lawsuit targeting fellow Vegas Strip heavyweight Caesars (NASDAQ:) Entertainment for a similar cyberattack.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.