The settlement, which was reached on Jan. 21, is pending approval by a Las Vegas federal court with a ruling expected on June 18. The breaches altogether compromised the data of more than 37 million customers.According to the settlement, the 2019 incident involved the theft of customer names, addresses, and phone numbers, with some of the stolen data later surfacing on a cybercrime forum. The 2023 ransomware attack had a more severe impact, causing significant operational disruptions at MGM’s Las Vegas properties for several weeks and leading to over $100 million in losses. Hackers also obtained sensitive data, including Social Security and passport numbers.