Pa. Attorney Files Fraud Class Action Vs. MGM Resorts, Caesars Following Cyberattack

Pennsylvania personal injury attorney Saul Lassoff filed a fraud complaint Monday (docket 1:23-cv-20419) in U.S. District Court for New Jersey in Camden on behalf of himself, his wife Shirley and a proposed class of MGM Resorts International and Caesars Entertainment customers whose personal data was “negligently mishandled” since March 1. Lassoff investigated news articles, public filings, press releases and "other matters of public record” in preparation for his class action, it said. The Lassoffs, Pennsylvania residents, were MGM Resorts and Caesars Entertainment loyalty customers during the class period when their names, address, Social Security and driver’s license numbers, bank account and credit card information were mishandled, said the complaint. Defendants notified plaintiffs Sept. 7 that their personal information had been compromised, and instructed them to file fraud alerts with the Pennsylvania Dept. of Motor Vehicles, their credit card company and national credit bureaus; order a credit report; register for credit monitoring; contact the FTC; file a local police report; and close affected bank accounts, the complaint said. The required tasks were “extremely burdensome and time consuming for Plaintiffs to complete" and required over six hours over several days, it said. Plaintiffs didn’t specify the nature of the breach, but a Sept. 7 Caesars Entertainment SEC filing referenced “recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor.” Reuters reported Thursday that the Scattered Spider hacking group claimed responsibility, saying it stole 6 terabytes of data from the defendants. The company’s “customer-facing operations, including our physical properties and our online and mobile gaming applications, have not been impacted by this incident and continue without disruption,” said Caesars' filing. But news reports showed frozen slot machines at the MGM casino in Las Vegas over the weekend and reports circulated about malfunctioning electronic key cards. The New York Post reported Monday that MGM had entered its eighth day of “cybersecurity issues” that “silenced slot machines and shut down internal computer systems,” costing the company up to $8.4 million per day in revenue. A Sept. 12 MGM Resorts news release said the company "recently identified a cybersecurity issue” affecting certain company systems. “Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts,” said the company, which notified law enforcement and is “taking steps to protect our systems and data, including shutting down certain systems.” The company's investigation is “ongoing,” it's working “diligently to resolve the matter” and it will continue to implement measures to secure its business operations “and take additional steps as appropriate." The Lassoffs assert claims of breach of fiduciary duty and negligence. They seek an award for themselves and the class of compensatory damages for all damages sustained as a result of defendants’ wrongdoing, pre- and post-judgment interest “from the date of entry until the date of satisfaction,” plus legal fees and costs.