Another lawsuit filed against Caesars Entertainment alleges the gaming company failed to protect customer data during a cyberattack.
A sixth class-action complaint in the U.S. District Court in Nevada — filed just a day after details of the breach became public — argues that Caesars failed to protect the personal identifiable information of loyalty program customers whose data may have been compromised during separate attacks made public this month.
The lawsuit filed by Morgan & Morgan, a Florida-based practice; Kuzyk Law, a California-based practice; and local attorney Miles Clark on Sept. 15 alleges that the company knew of the risks associated with a data breach and failed to provide adequate notice to the customers that could have been harmed.
“Simply put, Defendant impermissibly left Plaintiff and Class Members in the dark—thereby causing their injuries to fester and the damage to spread,” attorneys wrote in the complaint.
The plaintiff is Miguel Rodriguez, a California resident and member of the Caesars Rewards loyalty program, according to the suit.
Caesars did not respond to a request for comment. Neither did attorneys for Rodriguez.
Five other class-action lawsuits filed in the same court within a week of this lawsuit make similar, though not exact, allegations. The law firms Stranch, Jennings and Garvey PLLC, a Las Vegas practice, and Kopelowitz Ostrow Ferguson Weiselberg Gilbert, a Florida practice, filed four lawsuits — two against Caesars and two against MGM — on Thursday. A fifth lawsuit was filed Friday against Caesars by Reno-based O’Mara Law Firm and Chicago-based Barnow and Associates.
The law firms, which represent plaintiffs living in various states across the country, declined to comment or didn’t respond to requests for comment. Both MGM and Caesars did not respond to requests for comment on those cases.
The six lawsuits allege the companies knew or should have known the importance of safeguarding the personal information it held, and that they failed to comply with Federal Trade Commission guidelines and industry standards. The plaintiffs allege they are now more vulnerable to identity theft.
Caesars publicly detailed a social engineering cyberattack on the company in a Securities and Exchange Commission filing on Sept. 14. The company said a Sept. 7 investigation determined an attacker acquired a copy of the Caesars Rewards loyalty program database, which includes driver’s license and Social Security numbers.
Joe Regalia, an associate professor at UNLV’s William S. Boyd School of Law, said the six class-action lawsuits — filed so quickly after the data breaches became public — are not unexpected. Plaintiff attorneys often specialize in class action or cybersecurity work and can quickly put together a complaint.
“Just filing a complaint when there is a lot of publicity around a situation, it can create a favorable settlement situation right before you even move the case further forward,” Regalia said.
Regalia said if the cases move to discovery, it could provide better insight into how the companies responded to the data breaches and if the responses warranted negligence.
“I think what’ll be very important to see is what the defendants’ response is when it comes to what they did or didn’t do,” he said. “The plaintiffs don’t have much on that front. It’s mostly about, ‘they needed to do things. They needed to take all these steps,’ and then allegations about knowledge.”