
Another data-breach bill comes due
MGM Resorts is back in the legal hot seat, this time over a proposed $4 million settlement tied to Canadian customers affected by data breaches in July 2019 and September 2023. The incidents allegedly touched more than 37 million customers, which is a wild number when you stop and picture how many people had their info floating around like a loose Post-it note.
What the deal looks like
Eligible Canadians can claim compensation for losses tied to the breaches:
- Up to $20,000 for substantiated losses per approved claim
- Up to $150 for one incident, or $300 for both incidents, for unsubstantiated losses
There’s also a settlement approval hearing scheduled for May 25, so this isn’t fully buttoned up yet. MGM says it denies all allegations and liability, and — classic legal posture — the settlement is framed as a way to avoid the cost and uncertainty of dragging it out in court.
Why investors should care
For MGM, this isn’t the kind of news that changes tomorrow’s revenue number. But it does keep the company’s cyber-risk story on the front page, which matters when you’re trying to look like a polished hospitality and gaming operator instead of the star of a password-reset nightmare.
Big picture: settlements like this usually won’t move the stock by themselves, but they’re another reminder that old breaches can keep bleeding time, money, and management attention long after the headlines fade.
