MGM Resorts is shelling out $45 million to settle over a dozen lawsuits tied to major cyberattacks that exposed the personal data of millions of customers. The settlement, filed in court earlier this year, comes after two separate breaches rocked the hotel and casino giant.

The first breach happened back in 2019, when hackers swiped sensitive info like names, addresses, and phone numbers from MGM’s systems. The company confirmed the leak in 2020 after the stolen data popped up on a cybercrime forum. Fast forward to 2023, and MGM faced another cyberattack. This time, ransomware wreaked havoc on its operations, causing weeks of chaos across properties like the Bellagio and Aria. The hackers also snagged Social Security and passport numbers from customers. These disruptions reportedly cost MGM over $100 million.

Court documents reveal that both breaches impacted more than 37 million people. While MGM hasn’t officially disclosed the number of affected customers, the settlement aims to compensate victims. Those who file claims could get up to $75, depending on the type of data stolen. About 30% of the $45 million will go toward covering legal fees.

A federal court in Las Vegas is set to decide on the settlement by June 18. MGM has stayed tight-lipped about the details, with spokesperson Brian Ahern not responding to requests for comment.

This hefty payout is a stark reminder of the rising costs of cyberattacks—and the importance of protecting customer data. Stay tuned for updates as the case unfolds.