Las Vegas Sues MGM and Caesars Over Ineffective Cyberattack Responses

Published: September 25, 2023, 06:14h. 

Last Updated: September 25, 2023, 06:15h.

Five lawsuits filed against MGM Resorts International and Caesars Entertainment accuse them of failing to protect customer data during the recent cyberattacks on Las Vegas casinos. These unprecedented attacks have prompted legal action seeking retribution.

Cybercrime isn’t any less expensive, or potentially life-ruining, than street crime. (Image: Reuters/David Becker)

These lawsuits were recently filed in Nevada District Court, accusing MGM and Caesars of negligence and inadequate cybersecurity measures. The lawsuits also claim the companies failed to promptly notify customers of the security breach.


Four of the lawsuits seek class-action status and involve Tony Owens and Emily Kirwan (plaintiffs against MGM), and Paul Garcia and Alexis Giuffre (plaintiffs against Caesars). A fifth lawsuit was filed by Thomas and Laura McNicholas specifically against Caesars.

These lawsuits aim to obtain compensatory, statutory, and punitive damages, restitution, and demand jury trials for the victims. They argue that MGM and Caesars had a responsibility to protect their customers’ information and violated Federal Trade Commission guidelines and industry standards through their negligence.

In Kirwan’s lawsuit, it is explicitly stated that MGM was aware of potential cybersecurity attacks, as its IT vendor, Okta, had warned them about social engineering attacks targeting service desk personnel.

All the lawsuits emphasize the need for the victims to remain vigilant and continuously monitor their financial accounts for the rest of their lives.


The hackers claim to have stolen six terabytes of sensitive information from both MGM and Caesars. Many of the victims believe this data is already circulating on the dark web, where criminals can exploit it for identity theft and fraud.

MGM experienced a cyberattack on September 10, which resulted in a nine-day system shutdown across its ten Las Vegas casino routes. Caesars disclosed a similar social engineering cyberattack before September 7, as stated in an official Securities and Exchange Commission filing on September 14. Reportedly, Caesars paid a $15 million ransom to restore its systems promptly.

Caesars stated, “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”

MGM has not released any statements concerning the exposure of its customers’ data.

Last week, leading cybersecurity experts were asked by to assess which casino giant, MGM or Caesars, handled their cyberattack more effectively.

Source link

Leave a Comment