MGM Sues FTC To Block Probe Into 2023 Data Breach

Although the online sportsbook reportedly remained unaffected by the breach, certain BetMGM-branded betting kiosks at retail properties were impacted.

Grant Leonard - News Editor at Covers.com
Grant Leonard • News Editor
Apr 17, 2024 • 12:18 ET • 4 min read
Stuart Fairchild Cincinnati Reds MLB
Photo By - USA TODAY Sports

Reuters reported that MGM Resorts International filed a lawsuit in federal court on Monday, hoping to block the U.S. Federal Trade Commission from investigating the fallout from a September 2023 cyberattack that allowed “criminal actors” to obtain customer data. 

MGM argues that it should not be subject to FTC rules governing consumer financial data because it is not a financial institution. The lawsuit also asserts that FTC Commissioner Lina Khan should recuse herself from the case because she was reportedly a guest at one of MGM’s Las Vegas properties during the attack, which makes her personally involved in the matter. 

“As the most high-profile person involved in the events at issue — and the only such person widely identified by name in press reports — Chair Khan is both a potential civil plaintiff and a potential witness,” the lawsuit alleges. 

The cyberattack allegedly inconvenienced Khan and an unnamed senior aide. The lawsuit cites press reports that claim since IT systems were unavailable to check Chair Khan into the hotel, an MGM employee asked her to write her credit card information on a piece of paper. The leader of a federal agency governing financial regulation, Khan inquired as to exactly how MGM was managing the data security around the situation. 

Khan apparently did not get the response she desired that day, because the FTC launched a wide-reaching investigation on January 25 when it issued a Civil Investigative Demand (“CID”) seeking more than 100 categories of information from MGM. 

MGM made attempts in February to quash the CID and also have Chair Khan either disqualified or recused, but the FTC issued a single order denying both petitions on April 1. The lawsuit also alleges that this order deprives MGM of its rights under the Fifth Amendment “in several respects.” 

“The attack cost MGM dearly”

MGM's lawyers claim that “the aftershock of the cyberattack continues to reverberate months later” and that MGM is cooperating with the Federal Bureau of Investigation (FBI) to catch the perpetrators. 

According to a Securities and Exchange Commission filing in October, the part-owner of BetMGM said the cyberattack will cost around $100 million in adjusted property earnings before interest, taxes, depreciation, amortization, and rent (EBITDAR). However, it will not have a material effect on its finances. 

The online sportsbook was supposedly unaffected by the breach, but some BetMGM-branded sports betting kiosks at physical gaming properties did not come out unscathed. MGM also said in its SEC filing that it does not believe any customer passwords or banking information were compromised, and that there is no evidence the data obtained has been used for identity theft.

Pages related to this topic

Grant Leonard - Covers
News Editor

Grant is a former junior B ice hockey player, and a current believer that the Washington Capitals’ aging core still has another Cup run left in the tank. Grant’s owned and operated his own marketing agency since shortly after graduating from Virginia Tech in 2014. He pursued the profession because he figured it’d be a great way to get paid to do something he loves to do, write. After years of hammering puck lines and leading his fantasy football league as Commissioner, Grant started writing about sports betting and the casino gaming industry in 2021 and hasn’t looked back.

Popular Content

Legal Canadian sports betting

Best Canadian betting sites Ontario sports betting
Covers is verified safe by: Evalon Logo GPWA Logo GDPR Logo GeoTrust Logo Evalon Logo