Caesars Entertainment and MGM Resorts are facing five separate lawsuits in the wake of the recent cyber attack that hobbled operations at both companies. Four of the lawsuits name both companies as defendants while the fifth names only Caesars Entertainment. Though all the lawsuits are likely to be settled long before they ever see the inside of a courtroom, they add to the headache and expense caused by the attack.
All five lawsuits are based on, basically, the same premise; that Caesars and MGM failed to protect customer data from hackers; that both companies knew the risks of failing to protect customer data; and that that plaintiffs face additional risks now that their hacked data is available for sale on the dark web. 8 News Now, a Las Vegas news show, reports that four of the lawsuits specifically say, “The PII (personally identifiable information) of individuals remains of high value to criminals, as evidenced by the prices they will pay through the dark web. Numerous sources cite dark web pricing for stolen identity credentials.”
The fifth lawsuit, which was filed against Caesars by a long-time Caesars Rewards members Thomas McNicholas and Laura McNicholas states, “Caesars owed a duty to Plaintiffs and Class members to exercise reasonable care in safeguarding and protecting the PII in Caesars’s possession, custody, or control.”
Last week’s cyber attack on the two gaming and resort operators had a huge impact on daily operations and left everything from slot machines to electronic door locks in chaos. Impact at Caesars’ properties was lessened by the fact that the company paid out a multi-million dollar ransom, but the company was hit with lawsuits all the same.
Given the success of this recent attack, it seems likely that other operators will be hit with the same types of attacks…if they haven’t already.