MGM Resorts International and the Federal Trade Commission (FTC) are ending a contentious legal dispute over a cyberattack that led to the loss of roughly $100 million.
According to documents filed in the U.S. District Court for the District of Nevada, the FTC and MGM Resorts have agreed to dismiss a lawsuit filed by the FTC demanding a civil investigation into MGM Resorts following its well publicized data breach in September 2023. The cyberattack impacted MGM Resorts’ operations nationwide with temporary shutdowns of its website, gaming floors and other operational systems in markets including Las Vegas.
The commission had a first-hand experience with the cyberattack as former FTC Chair Lina M. Khan was on-site at an MGM Resorts property during the data breach. Khan and an aide were asked to provide written personal information leading to security questions.
As a result of the cyberattack, MGM Resorts lost $100 million, per an SEC filing, and saw the FTC issue a Civil Investigation Demand (CID) to ensure the protection of the personal information that was compromised in the data breach. MGM Resorts responded to the demand by filing petitions to dismiss the CID requests, which were denied by the FTC.
The FTC believed MGM Resorts failed to comply with consumer protection laws.
MGM Resorts later sued the FTC in the D.C. District Court arguing that the CID did not apply to casinos and are specifically for “financial institutions” and “credit-extending institutions.” MGM Resorts also argued that Khan created a conflict of interest.
