MGM Resorts International Sues FTC Over Due Process Concerns Amid Cyberattack Investigation

16.04.2024

MGM Resorts International has initiated a legal battle against the Federal Trade Commission (FTC) and its Chairwoman, Lina M. Khan, alleging violations of its Fifth Amendment rights to due process.

This lawsuit, filed in the U.S. District Court for the District of Columbia, stems from the FTC’s investigation into a cyberattack on MGM in September, which reportedly cost the company approximately $100 million.

Allegations of Conflict of Interest and Due Process Violations

The lawsuit highlights a four-count action where MGM accuses the FTC of not adhering to its own conflict-of-interest guidelines and compromising the casino operator’s right to a fair hearing.

Central to MGM’s claims is the involvement of FTC Chairwoman Khan and a senior aide who were present at MGM Grand Las Vegas during the cyberattack.

MGM argues that their presence and subsequent experiences during the incident create a conflict of interest, particularly as Khan’s experience during the cyberattack has closely mirrored the voluminous requests in the FTC’s civil investigative demand (CID).

The FTC’s Civil Investigative Demand

In January, the FTC issued a CID to MGM, a type of administrative subpoena that allows federal agencies to gather extensive information from companies without court proceedings.

MGM contends that the demand is overly broad, seeking more than 100 different categories of information unrelated to the cyberattack, spanning multiple years. The company previously requested, unsuccessfully, an extension from the FTC to meet these demands.

MGM’s Legal Requests

In its lawsuit, MGM is seeking an injunction to halt the FTC’s CID unless Chairwoman Khan disqualifies herself from the case. Furthermore, MGM has requested the court to deem the FTC’s recusal rules unconstitutional and assert that MGM should not be classified as a financial institution under FTC rules concerning identity theft and customer data protection.

Additionally, the lawsuit is pressing for reimbursement of court costs and other unspecified damages. It also seeks to establish a reasonable deadline for filing the CID, should the FTC be allowed to proceed with its investigation.

During the September cyberattack, MGM’s computer systems were severely disrupted, affecting slot machines, room access via smartphones, and credit-card payment systems, which had to be processed manually. The incident, which led to MGM refusing to pay a ransom as directed by federal investigators, also inconvenienced Khan and her aide, who were attending a conference in Las Vegas at the time.