LAS VEGAS (KLAS) — Five class action lawsuits filed against MGM Resorts International and Caesars Entertainment seek to punish the casino giants for failing to protect customers in September’s cyberattacks.
The companies were trusted with personally identifiable information (PII), and that trust was violated during highly publicized data breaches, the lawsuits allege.
The lawsuits allege that disclosures by the companies have been inadequate, and customers have no idea if they might be vulnerable to future problems related to the theft of their personal information. Victims believe their information has already been sold on the dark web.
Caesars and MGM should have known the risks of cyberattacks and put the customers at risk of identity theft by failing to properly protect their information, the lawsuits claim.
Four lawsuits were filed on Thursday — two against MGM Resorts and two against Caesars — by two Las Vegas law firms. Each of the four lawsuits names an individual customer — Tonya Owens (MGM), Emily Kirwan (MGM), Paul Garcia (Caesars) and Alexis Giuffre (Caesars) — and seeks class action status. The law firms behind those suits are Stranch, Jennings & Garvey, PLLC, and Kopelowitz Ostrow Ferguson Weiselberg Gilbert. Notably, one of the lawyers — Nathan R. Ring — is the husband of Nevada Senate Majority Leader Nicole Cannizzaro.
“The PII of individuals remains of high value to criminals, as evidenced by the prices they will pay through the dark web. Numerous sources cite dark web pricing for stolen identity credentials,” according to language in the four lawsuits.
“For example, PII can be sold at a price ranging from $40 to $200. Criminals can also purchase access to entire company data breaches from $900 to $4,500,” the four lawsuits say.
A fifth lawsuit — this one, just against Caesars Entertainment — was filed on Friday. It names plaintiffs Thomas McNicholas and Laura McNicholas, an Illinois couple who have been members of the Caesars Rewards Program for more than 20 years. That lawsuit was filed by The O’Mara Law Firm, P.C, of Reno, and Barnow and Associates, P.C., of Chicago.
“Caesars owed a duty to Plaintiffs and Class members to exercise reasonable care in safeguarding and protecting the PII in Caesars’s possession, custody, or control,” according to the lawsuit. It alleges a breach of contract with every customer who had personal data stolen in the breach.
While the fifth lawsuit doesn’t use the exact same language as the other four, they all seek monetary damages for the victims — actual, statutory and punitive damages, as well as restitution. They also seek any profits the companies obtained in using the compromised data.
The lawsuits also request assurances that it won’t happen again.
All five lawsuits seek a jury trial. They allege negligence, breach of contract and unjust enrichment.