MGM Sues FTC Over Probe of Casino Operator’s 2023 Cyberattack

MGM Resorts International (MGM) sued the Federal Trade Commission (FTC) and FTC Chair Lina Khan Monday over the regulator’s investigation into a cyberattack that hit the casino operator in September.

The lawsuit, filed in the U.S. District Court for the District of Columbia, reportedly claimed the FTC violated MGM’s Fifth Amendment rights of due process and equal treatment under the law. MGM said it wasn’t a financial institution and not governed by the FTC’s rules concerning consumer financial data.

The company argued that the probe stemmed from the fact that Khan happened to be a guest at one of the MGM properties in Las Vegas at the time of the attack. Because systems were down, Khan was asked to write down her credit card information. That led her to inquire about the way in which MGM was managing data security during the outage, which a desk clerk on duty couldn’t confirm.

MGM said in the court filing that on Jan. 25, the FTC filed a Civil Investigative Demand (“CID”) seeking a response to Khan’s unanswered question. It noted that the FTC cited two financial services regulations to justify the probe, “both of which are facially inapplicable to MGM.”

The company called the investigation unconstitutional. 

Shares of MGM Resorts rose 0.9% Monday to close at $42.85. They’ve lost 5.8% year to date.