[BreachExchange] MGM Resorts sued over data breach that possibly involved 10.6 million guests

[Destry Winant]

https://www.reuters.com/article/us-mgm-resorts-intl-cyber-lawsuit/mgm-resorts-sued-over-data-breach-that-possibly-involved-10-6-million-guests-idUSKCN20G062

(Reuters) - U.S. casino operator MGM Resorts International (MGM.N) has
been sued over a data breach last year, which the company confirmed
earlier this week and which reportedly involved details of over 10.6
million hotel guests.

The lawsuit was filed by law firm Morgan & Morgan, whose lawyer John
Yanchunis has also represented some Yahoo users in a breach of 3
billion accounts between 2013 and 2016.

MGM Resorts said on Thursday that last summer it “discovered
unauthorized access to a cloud server that contained a limited amount
of information for certain previous guests”.

The majority of information exposed related to the names of guests and
their phone numbers, a company spokesman had said, without confirming
the exact number of guests affected.

Technology website ZDNet reported that the personal details of more
than 10.6 million guests who stayed at MGM Resorts hotels were
published on a hacking forum this week.

The details in the leaked files reportedly included information on
celebrities, chief executives of technology companies, reporters and
government officials.

Morgan & Morgan filed its lawsuit on Friday as a “complaint for
damages” and “injunctive relief”, according to the filing at the U.S.
District Court for the District of Nevada.

Yanchunis has previously been associated with several other data
breach lawsuits, including against credit reporting agency Equifax
(EFX.N) over its 2017 breach of nearly 150 million Americans and
against Facebook Inc (FB.O) and political consulting firm Cambridge
Analytica for obtaining information belonging to millions of Facebook
users without permission.