MGM Resorts sued over data breach that possibly involved 10.6 million guests

By Kanishka Singh

(Reuters) – U.S. casino operator MGM Resorts International <MGM.N> has been sued over a data breach last year, which the company confirmed earlier this week and which reportedly involved details of over 10.6 million hotel guests.

The lawsuit was filed by law firm Morgan & Morgan, whose lawyer John Yanchunis has also represented some Yahoo users in a breach of 3 billion accounts between 2013 and 2016.

MGM Resorts said on Thursday that last summer it “discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests”.

The majority of information exposed related to the names of guests and their phone numbers, a company spokesman had said, without confirming the exact number of guests affected.

Technology website ZDNet reported that the personal details of more than 10.6 million guests who stayed at MGM Resorts hotels were published on a hacking forum this week.

The details in the leaked files reportedly included information on celebrities, chief executives of technology companies, reporters and government officials.

Morgan & Morgan filed its lawsuit on Friday as a “complaint for damages” and “injunctive relief”, according to the filing at the U.S. District Court for the District of Nevada.

Yanchunis has previously been associated with several other data breach lawsuits, including against credit reporting agency Equifax <EFX.N> over its 2017 breach of nearly 150 million Americans and against Facebook Inc <FB.O> and political consulting firm Cambridge Analytica for obtaining information belonging to millions of Facebook users without permission.

(Reporting by Kanishka Singh in Bengaluru; Editing by Kim Coghill)

tagreuters.com2020binary_LYNXNPEG1L03H-BASEIMAGE