In an ongoing battle for information, the FTC has filed a petition in the U.S. District Court in Nevada to force MGM to respond to a civil investigation demand (CID). The CID was issued in January and concerns the cyberattack waged against the casino company in September.
“Judicial enforcement is necessary so that FTC staff may thoroughly and expeditiously conduct its investigation,” the FTC stated. “The FTC respectfully asks this court to issue an order requiring MGM to appear and show cause why it should not comply with the CID and thereafter grant the FTC’s petition and enter an order compelling MGM to produce the documents and information specified in the CID.”
In April, MGM sued the FTC to prevent the agency from investigating the data breach. In that lawsuit, MGM argued that it should not be subject to the FTC probe because it is not a financial institution. MGM also argued that the FTC commissioner Lina Khan should recuse herself from the case.
As it turns out, Kahn was a guest at one of MGM’s properties during the attack. The attack significantly impacted MGM’s operations, hampering ATM use, reception and gambling. To check in, MGM requested Kahn write down her credit card number of a slip of paper, leading the Commissioner to worry about how MGM was safeguarding data during the breach.
The breach was sizable, costing MGM roughly $100 million to its Adjusted Property EBITDAR. In an SEC filing, however, MGM stated that it would not likely have a material effect on its 2023 financial condition.
If this latest petition is granted, the FTC is asking that MGM respond to the CID within 10 days from when the court order is issued.