A PYMNTS Company

MGM Files Suit Against FTC and Chair Khan Over Handling of Cyber Attack

 |  April 16, 2024

On April 15th, MGM Resorts International lodged a lawsuit in Washington’s federal court against the Federal Trade Commission (FTC) and its Chair, Lina M Khan. The legal action stems from the aftermath of a significant cyber attack on MGM’s systems in September of last year, which led to disruptions across its U.S. properties, impacting access to hotel rooms and slot machines.

Scattered Spider, a hacker group, claimed responsibility for the attack shortly after its occurrence and issued threats of further assaults on MGM’s infrastructure if their demands for payment were not met, according to Reuters.

The lawsuit seeks “injunctive and declaratory relief” against the FTC, with MGM alleging that actions taken by the commission and Chair Khan violated its rights under the due process clause of the Fifth Amendment. This clause guarantees entities subject to government actions a fair hearing before an impartial tribunal and ensures equitable treatment under the law, as reported by Reuters.

Media reports referenced in the suit revealed that Lina Khan, accompanied by an unnamed senior aide, was staying at one of MGM’s Las Vegas properties during the cyber attack. With MGM’s IT systems offline, a Bloomberg report disclosed that a staff member requested Khan and her team to provide credit card information on paper.

Read more: EU Set To Approve Amazon’s $8.5B MGM Buy

Following this incident, Khan inquired about MGM’s data security protocols in light of the attack. However, the employee reportedly indicated a lack of knowledge on the matter.

The FTC initiated an investigation subsequent to this exchange, issuing a Civil Investigative Demand (CID) on January 25, 2024, seeking information regarding MGM’s data security practices spanning various categories preceding the cyber attack.

In the wake of the cyber incident, MGM estimated a $100.0 million impact on its adjusted property EBITDAR for the third quarter, although the company reported record revenue of $3.97 billion for the same period. During the presentation of its Q3 results, CEO Bill Hornbuckle described MGM’s ordeal as having gone “to hell and back” due to the attack, Reuters reported.

Notably, Caesars Entertainment also fell victim to a cyber attack in September, with its loyalty program database compromised as part of the breach.

Source: Reuters