iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A flush of class action lawsuits has been filed against MGM Resorts and Caesars Entertainment following the cyber incidents both companies faced earlier this month.
Four class actions were filed on Thursday (21 September) by two law firms, two against MGM Resorts and two against Caesars, on behalf of individual customers Tonya Owens and Emily Kirwan against MGM, and Paul Garcia and Alexis Giuffre against Caesars.
The lawsuits allege that neither MGM nor Caesars adequately disclosed the breaches to their customers and left them vulnerable to other potential risks. The lawsuits also suggest that the companies failed to properly secure the data of their customers and put them at risk of identity theft.
A fifth lawsuit was then published on Friday (22 September), representing an Illinois couple that had been members of the Caesars Rewards Program for over two decades, alleging a breach of contract with every customer whose personal data was compromised in the breach.
The MGM and Caesars incidents came as a result of an attack on identity management company Okta by a subgroup of the notorious ALPHV (aka BlackCat) ransomware group called Scattered Spider, requiring the organisation to take down several of its systems, affecting the operations of its casinos and resorts.
One report suggested that the hackers had aimed to make the slot machines spit money for “mules to gamble and milk the machines”.
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.
— vx-underground (@vxunderground) September 13, 2023
A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
While there is nothing to say whether MGM has paid ransom, a report by The Wall Street Journal claims that Caesars paid roughly half of the $30 million the hackers demanded in ransom payments.
ALPHV reportedly gained access to the super administrator privileges of the Okta environment within MGM Resorts, as well as the Azure tenant’s global admin privileges.
The FBI said it had launched an investigation into the MGM incident with the assistance of the Cybersecurity and Infrastructure Security Agency. Okta had also said it would be assisting.
MGM Resorts has suffered cyber attacks in the past after the data of over 10.6 million guests was stolen by hackers in 2019. The data was then posted online the next year.
Be the first to hear the latest developments in the cyber industry.
