FTC Returns Fire in MGM Cyber Attack Legal Tussle


Barely a week after casino behemoth MGM Resorts International propelled a lawsuit at the Federal Trade Commission (FTC), aiming to shroud their records pertaining to the 2023 cyber onslaught that gored the company’s financial blanket, the regulator has retaliated by launching a counterpetition. Its objective? To make the casino titan submit to a civil investigative demand (CID).

The central event here transpired on the battlefront provided by the US District Court in Nevada. It saw the FTC reinforcing its boundaries around the scrutinous investigation of the September 2023 cyber breach that depleted the coffers of the Bellagio operator by a staggering $100 million in third-quarter earnings. Not forgetting the additional $10 million paid in singular legal and sundry expenses.

Follow us on Google News! ✔️

Countering the FTC’s CID, the Las Vegas-based MGM had previously tried to usurp the regulator’s efforts, contending that compliance could undermine existing law enforcement probes into the cyber breach. Add to that, MGM argued that the regulatory body’s execution of the “Red Flags Rule” and the “Safeguards Rule” were unwarranted; since these usually apply to financial services firms, MGM claimed immunity. But the FTC was nobody’s fool.

Claiming the lion’s share of jurisdiction, the FTC asserted its prerogative to demand disclosure of data and records associated with the cyber onslaught. The regulator pressed the court to enforce the CID to which MGM had so pointedly turned a blind eye.

Stacking up the legal stances for an MGM agreement, the FTC stated that the CID requisition was unshakeably within its realm of authority. They hold fast to the belief that every prerequisite under the relevant legal framework has been duly addressed in their appeal for MGM’s collaboration.

MGM’s lack of compliance, according to the FTC, stems from a baseless standpoint. The casino behemoth’s allegation of immunity from the “Red Flags Rule” and the “Safeguards Rule,” the FTC contends, lacks substance. Furthermore, the FTC maintains that it reserves the right to probe into whether MGM’s business dealings align them more with a financial institution or a creditor under the given rules.

Such a chasm has indeed formed, deepening between the FTC and MGM, with the court presided over by each respective legal iteration. The current serving FTC Chairwoman Lina Khan, ironically, was a guest of MGM Grand in Las Vegas at the height of the cyber attack. Despite MGM’s insistence on her recusal from the case, she shows no signs of stepping back.

MGM’s contention that the FTC’s collection of data and documents is excessively broad, cumbersome, and time-consuming is simply dismissed by the latter. According to the FTC, even a substantial effort does not equate to unjust disruption or severe hindrance of ordinary business proceedings. The onus on MGM, as per the filing, is consistent with what would be expected of anyone subjected to a compulsory process. The saga continues.