Legal help for data breach compensation claims

MGM Resorts data breach – one year on

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Just over a year has passed since the MGM Resorts data breach was revealed, after a security breach resulted in the monumental leak of customer information.

The breach fell in line with the ongoing trend of data breaches in the travel and tourism industry, which has affected several other major companies, including British Airways and easyJet.

Although the news of the breach emerged last February, we can still take on claims for affected customers from England and Wales. Victims may be eligible to receive compensation pay-outs for any harm that they have suffered.

The information exposed in the MGM Resorts data breach

In February 2020, it was reported that the data of 10.6 million former MGM guests had been posted online on a hacking forum. The MGM Resorts data breach was confirmed by the organisation itself in an email statement, in which they pinpointed a security incident from summer 2019 as the cause of the leak. The exposed data belonged to previous guests of MGM resorts, and included names, home addresses, email addresses, telephone numbers, and dates of birth.

Although MGM has maintained its position that no financial details or passwords were affected by the leak, the figure of affected customers was revised in July 2020. At this point, it was revealed that as many as 142 million guests may have been affected by the data breach. The huge leap in the number of victims makes this an incredibly embarrassing information breach for MGM.

Claiming compensation for a data breach

Many affected customers may be wondering what makes them eligible to claim compensation for the MGM Resorts data breach. Unfortunately, there can be many negative effects to a data breach such as this, and these are elements that we need to take into account. For example, fraudsters could use the contact details to send phishing messages, attempting to convince victims to hand over further personal data, such as bank account details. The financial and security risks could, therefore, be severe, but the breach of privacy in itself could also provide sufficient fuel for a compensation claim.

Alongside claiming for your involvement in the data breach alone, victims could be eligible to claim for any distress caused, whether this is low-level stress, or a significant psychological injury. In addition, if victims have fallen prey to scams or fraud, it is possible to recover compensation to reimburse them for any financial losses suffered.

If it can be proven that a data protection error or an avoidable cybersecurity weakness caused the MGM Resorts data breach, the company could be forced to pay out significant compensation.

Instructing the right lawyers

All victims seeking to claim compensation for the MGM Resorts data breach should make sure to instruct experienced lawyers to make sure that their claim has the best chance of success. With data breach case experience stretching back to 2014, Your Lawyers – the Data Leak Lawyers – is a leading law firm in this complex area of law. We are also currently sitting on the Steering Committee for one of the largest UK data breach group actions in history, against the airline British Airways.

As travel and tourism companies continue to succumb to data breaches, we possess the expertise to hold these companies to account for their data protection failures.

Contact us today to receive free, no-obligation advice on your potential claim.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.


Ransomware healthcare attacks
Malicious email data breaches