MGM Resorts Class Action Lawsuit, $75 Breach Payments Are Going Out—Don’t Miss Yours

Your MGM Breach Payment: What You Need to Do Right Now

MGM sent out settlement payments on December 12, 2025, to customers hit by data breaches in 2019 and 2023. Payments range from $20 to $75 depending on what info got stolen—Social Security numbers got the highest payout at $75.

If you filed a claim before June 3, 2025: Your payment hit December 12 via the method you picked. Check your mailbox or bank account now.

If you didn’t file a claim: The deadline passed June 3, 2025. The settlement is closed—you can’t file now.

If you filed but didn’t get paid: Call the settlement administrator immediately at 1-888-899-8358. Have your claim confirmation ready.

If you got the payment but want to enroll in credit monitoring: Check your email for enrollment instructions sent December 16, 2025. You get 1 year free monitoring with $1 million fraud insurance.

Payment Amounts: Who Gets What From the $45 Million Settlement

The $45 million settlement pays affected MGM customers different amounts based on the sensitivity of data exposed:

Tier 1 Payment: $75

• Social Security number exposed
• Military identification number exposed

Tier 2 Payment: $50

• Passport number exposed
• Driver’s license number exposed
• Not also in Tier 1

Tier 3 Payment: $20

• Name exposed
• Address exposed
• Date of birth exposed
• Not also in Tier 1 or 2

Documented Loss Payment: Up to $15,000 Claimants who provided documentation of actual financial losses from the breaches can receive up to $15,000 in reimbursement for:

• Fraud losses
• Identity theft expenses
• Professional fees (attorneys, accountants)
• Credit monitoring costs
• Time spent dealing with the breach (up to $25/hour, max 10 hours)
• Other documented losses

Financial Account Monitoring: 1 Year Free All approved claimants get one year of three-bureau credit and financial account monitoring with at least $1 million in fraud insurance coverage.

What Were the MGM Resorts Data Breaches?

MGM Resorts suffered two separate cyberattacks that exposed millions of customers’ personal information:

July 2019 Breach: Hackers infiltrated MGM’s systems and downloaded a massive database containing customer information. The stolen data was later found posted for sale on hacking forums.

September 2023 Breach: A “cybersecurity issue” forced MGM to shut down casino and hotel computer systems across the U.S. at properties including MGM Grand, Bellagio, Aria, Cosmopolitan, New York-New York, Park MGM, Excalibur, Luxor, and Mandalay Bay.

Data Exposed Included:

• Names
• Addresses
• Phone numbers
• Email addresses
• Dates of birth
• Driver’s license numbers (some customers)
• Passport numbers (some customers)
• Social Security numbers (some customers)
• Military identification numbers (some customers)

The same hackers who hit MGM also attacked Caesars Entertainment in 2023.

Who Qualified for the MGM Settlement Payments?

The settlement covered all U.S. residents whose private information was compromised in either the 2019 or 2023 breach and who received a data breach notice from MGM Resorts.

Eligibility Requirements:

• Personal information compromised in July 2019 and/or September 2023 breaches
• Received official notice from MGM about the data breach
• U.S. resident
• Filed valid claim by June 3, 2025

If you stayed at any MGM property around those dates and received a notice, you were likely eligible. MGM owns major Las Vegas properties including:

• MGM Grand
• Bellagio
• Cosmopolitan
• Aria
• New York-New York
• Park MGM
• Excalibur
• Luxor
• Mandalay Bay
• Delano

Current Status: Payments Sent, Claims Closed

December 12, 2025: Cash payments sent to approved claimants via their requested payment method (check or electronic payment)

December 16, 2025: Financial account monitoring enrollment emails started going out

June 3, 2025: Claim deadline passed (closed)

June 18, 2025: Federal Judge Gloria M. Navarro granted final approval

May 19, 2025: Deadline to opt out or object (passed)

February-April 2025: Settlement notices mailed and emailed to class members

The settlement is now in the distribution phase. All valid claims filed before the June 3 deadline have been processed and payments were sent December 12, 2025.

Didn’t Get Your MGM Payment? Here’s Exactly What to Do

Step 1: Check if you actually filed a claim The biggest reason people didn’t get paid is they never submitted a claim form. Even if MGM sent you a breach notice, you had to fill out the claim by June 3, 2025. No claim filed = no payment.

Step 2: Look for your payment based on what you chose

• Picked check: Look in your mailbox. Mailed December 12 from Portland, OR.
• Picked electronic payment: Check your bank account or PayPal.
• Can’t remember: Call 1-888-899-8358 to ask how your payment was sent.

Step 3: Verify your claim went through Call the settlement administrator at 1-888-899-8358 and give them:

• Your Unique ID and PIN (from the original notice you got)
• Full name and address
• Confirmation number if you saved it when filing

Step 4: If your claim was valid but you can’t find payment Contact them immediately:

• Phone: 1-888-899-8358 (fastest option)
• Mail: MGM Data Incident Litigation Settlement Administrator, P.O. Box 3020, Portland, OR 97208-3020

Step 5: Wrong address or closed account? If you moved or closed your bank account since filing, call right away. They may need to reissue your payment.

Step 6: Your claim got rejected They’ll tell you why when you call. Common reasons:

• Filed after June 3, 2025 deadline
• Missing the Unique ID/PIN from your notice
• Couldn’t verify you were actually in the breach
• Didn’t provide proof for documented loss claims

Case Details: Tonya Owens v. MGM Resorts International

Court: U.S. District Court for the District of Nevada

Case Number: In re MGM International Resorts Data Breach Litigation, Case No. 2:20-cv-00371-GMN-EJY

Judge: Honorable Gloria M. Navarro

Plaintiffs’ Allegations: MGM Resorts failed to implement reasonable data security measures to protect customer information, making it vulnerable to cyberattacks. The lawsuits claimed MGM did not act quickly enough to address vulnerabilities or notify affected individuals in a timely manner.

MGM’s Position: MGM has not admitted any wrongdoing but agreed to the $45 million settlement to avoid the costs and risks of continued litigation.

Settlement Terms:

• Total fund: $45 million
• Attorney fees: Up to 30% of settlement fund
• Service awards: $10,000 each for class representatives who gave depositions, $3,500 for others
• Unclaimed funds: Donated to UNLV Cyber Clinic (nonprofit supporting cybersecurity education)

Lead Attorneys in the Case

John A. Yanchunis Morgan & Morgan Complex Litigation Group Lead attorney who secured the settlement on behalf of millions of MGM customers

Douglas J. McNamara Cohen Milstein Co-Lead Interim Class Counsel who stated: “On behalf of millions of MGM Resort customers, I’m very pleased with this settlement. The hotel and entertainment industries are particularly desirable targets for hackers.”

Other Class Counsel:

• E. Michelle Drake, Berger Montague PC
• J. Gerard Stranch IV, Stranch, Jennings & Garvey PLLC
• Gary M. Klinger, Milberg Coleman Bryson Phillips Grossman PLLC
• Eric M. Roberts, DLA Piper LLP (US)

What This Settlement Means for Data Breach Victims

The MGM settlement represents one of the larger recent data breach payouts and establishes important precedents:

Tiered Payment Structure The settlement recognizes that different types of exposed data carry different risks. Social Security numbers pose greater identity theft risk than names and addresses, justifying higher payments.

Documented Loss Reimbursement Victims who can prove actual financial harm can recover up to $15,000, covering everything from fraud losses to time spent resolving issues.

Free Credit Monitoring One year of comprehensive credit monitoring with $1 million insurance helps affected customers detect and address potential fraud early.

Corporate Accountability The $45 million settlement sends a message to hospitality and gaming companies about the cost of inadequate data security.

Rapid Attack Frequency The fact that MGM suffered two major breaches in four years (2019 and 2023) highlights ongoing cybersecurity challenges in the hospitality industry. The same attackers hit Caesars Entertainment, showing coordinated targeting of gaming companies.

How the Settlement Process Worked

Step 1: Class Certification Court consolidated multiple lawsuits into a multi-district proceeding in Nevada.

Step 2: Mediation and Negotiation After extensive mediation, parties reached a $45 million settlement agreement.

Step 3: Preliminary Approval Court granted preliminary approval, allowing notices to be sent.

Step 4: Notice Period February-April 2025: Settlement administrator sent notices via email and postcard to identified class members.

Step 5: Claim Filing Class members had until June 3, 2025, to submit claims online or by mail using Unique ID and PIN from notices.

Step 6: Objection/Opt-Out Period Deadline May 19, 2025. Court received only one objection, which was dismissed as untimely.

Step 7: Final Approval Hearing June 18, 2025: Judge Navarro granted final approval of the settlement.

Step 8: Claims Processing Settlement administrator reviewed and approved valid claims.

Step 9: Payment Distribution December 12, 2025: Payments sent to approved claimants.

Protecting Yourself After a Data Breach

Even if you received a settlement payment, the exposed data remains permanently compromised. Take these steps:

Monitor Your Credit Reports Check all three credit bureaus regularly for suspicious activity. You’re entitled to free reports at AnnualCreditReport.com.

Freeze Your Credit Consider placing a security freeze with Equifax, Experian, and TransUnion to prevent new accounts from being opened in your name.

Watch for Phishing Scammers use breached data for targeted phishing attempts. Be suspicious of emails or calls claiming to be from banks, government agencies, or companies.

Change Passwords If you reused your MGM account password elsewhere, change those passwords immediately.

File Your Taxes Early Identity thieves can file fraudulent tax returns using stolen Social Security numbers. Filing early prevents this.

Consider Identity Theft Protection The settlement provides one year of monitoring. Consider continuing this service at your own expense after it expires.

Frequently Asked Questions

When were MGM data breach settlement payments sent out?

Payments for approved claims were sent December 12, 2025, via the payment method requested on claim forms (check or electronic payment). Financial account monitoring enrollment emails started going out December 16, 2025.

How much are people receiving from the MGM settlement?

Payment amounts vary by data exposed: $75 for Social Security or military ID numbers, $50 for passport or driver’s license numbers, $20 for name/address/date of birth. Those who documented financial losses can receive up to $15,000.

Can I still file a claim for the MGM data breach settlement?

No. The claim deadline passed on June 3, 2025. The settlement is now closed to new claims and payments have already been distributed to those who filed valid claims before the deadline.

I received a notice but didn’t file a claim. What can I do?

Nothing at this point. The June 3, 2025, deadline has passed and the settlement is closed. You cannot file a new claim or receive payment if you didn’t submit a valid claim before the deadline.

How do I know if my claim was approved?

If you filed a valid claim before June 3, 2025, you should have received payment on December 12, 2025. If you believe you filed but didn’t receive payment, contact the settlement administrator at 1-888-899-8358.

What was exposed in the MGM data breaches?

Data exposed included names, addresses, phone numbers, email addresses, dates of birth, and for some customers, driver’s license numbers, passport numbers, Social Security numbers, and military identification numbers.

Why did some people get $75 while others got $20?

Payment amounts were tiered based on the type of data exposed. Social Security and military ID numbers pose the highest identity theft risk, so those payments were $75. Basic information like name and address received $20.

What if I need help with my payment card or electronic payment?

Contact the settlement administrator immediately at 1-888-899-8358 if you’re experiencing issues with your payment.

Were MGM properties other than Las Vegas included?

Yes. The settlement covers all U.S. residents whose information was compromised in the breaches, regardless of which MGM property they visited. MGM operates hotels and casinos in Las Vegas, other U.S. locations, Macau, and Japan.

What happens to unclaimed settlement money?

Any unclaimed funds from the $45 million settlement will be donated to the UNLV Cyber Clinic, a nonprofit organization dedicated to supporting cybersecurity education and advocacy.

Settlement Administrator Contact:

MGM Data Incident Litigation Settlement Administrator
P.O. Box 3020
Portland, OR 97208-3020
Phone: 1-888-899-8358
Website: www.MGMDataSettlement.com

Court Information:

U.S. District Court for the District of Nevada
Case No.: 2:20-cv-00371-GMN-EJY
Judge: Honorable Gloria M. Navarro

This settlement is now closed. The information provided reflects the final approved settlement terms and payment distribution status as of December 2025. For questions about payments already sent, contact the settlement administrator.

Last Updated: December 13, 2025

About the Author

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah