72°F
weather icon Clear
Las Vegas, NV
Casinos & Gaming

MGM Resorts seeks to block FTC request for cyberattack data

MGM Resorts seeks to block FTC request for cyberattack data
Bellagio guests walk outside of the casino during technological issues at MGM Resorts Internati ...
Bellagio guests walk outside of the casino during technological issues at MGM Resorts International on Saturday, Sept. 16, 2023, in Las Vegas. (Las Vegas Review-Journal)
More Stories
A player inserts a coin into a machine within the revamped slots area called Slots A Fun which ...
These Vegas-area casinos still have coin-operated slots
The site of a planned new resort and arena formerly the ALL NET Resort & Arena project, south o ...
Plans emerge for Las Vegas’ tallest resort on former waterpark site
Tropicana was profitable right up until it closed, landowner says
Smoke free slot area is seen at the Plaza hotel and casino, on Thursday, June 8, 2023, in downt ...
Smoke-free casino advocates take fight to shareholders
By / Las Vegas Review-Journal
April 12, 2024 - 12:49 pm
 
Updated April 12, 2024 - 7:23 pm

MGM Resorts International is seeking to quash a Federal Trade Commission request for information on last fall’s cyberattack, saying the request is overreaching and contrary to the company’s efforts to assist federal law enforcement investigators.

The Las Vegas-based casino company — the state’s largest employer — filed the petition to quash or limit the FTC’s “civil investigative demand” (CID) on Feb. 20. The FTC seeks hundreds of pages of data that MGM says is irrelevant to the case and that it fears could be detrimental to the FBI’s investigation into who was responsible for the attack that crippled MGM’s computer systems for nine days beginning Sept. 10, affecting operations at all its properties nationwide and inconveniencing thousands of guests.

The case is complicated by reports that FTC Chairwoman Lina Khan and an unnamed senior aide were guests of the MGM Grand and attending a conference in Las Vegas at the time the cyberattack was being carried out. Khan’s check-in to the hotel was affected by the attack, and the aide told news outlets about having to write down credit card numbers during check-in.

An FTC representative had no comment on the filing and said in general the FTC does not comment on active investigations.

MGM officials issued an emailed statement Friday afternoon: “We’ve worked closely with federal law enforcement since the beginning of our cyber incident and, consistent with their guidance, refused to pay a ransom to the international criminal actors who perpetrated this act. We are extremely disappointed to now be the subject of this FTC investigation, which may not have occurred if we had taken the easy road and paid the ransom.”

The petition to the FTC details several reasons why the company is seeking to quash the request.

The FTC initially sought “reams of documents and information” from MGM on Jan. 25.

“The CID calls for the production of more than 100 different categories of information, spans multiple years with no relevance to the attack, and, perhaps most problematic of all, represents an unprecedented attempt by (FTC) staff to invoke the Safeguards Rule and the Red Flags Rule, which do not apply to MGM’s operations,” the petition says.

The “Red Flags Rule” requires financial institutions and creditors to create a written identity theft prevention program designed to identify, detect and respond to “red flags” indicating possible identity theft. The Safeguards Rule requires covered companies to develop, implement and maintain an information security program.

MGM met with the FTC on Feb. 6 and asked for a deadline extension to meet its information request.

The FTC refused.

On Feb. 13, MGM sent a detailed letter regarding the FTC request and a week later issued its formal petition to quash.

MGM argues that even though it issues “markers” to high-rolling gamblers it is not subject to rules imposed on financial institutions. Nevada law says markers — giving a casino’s biggest players the ability to gamble on a tab — is similar to accepting personal post-dated checks.

The company said markers are rarely issued and represent a fraction of the amount regularly played in casinos.

MGM also says in its petition that it has fully cooperated with federal law enforcement, including taking its advice not to pay a ransom demanded by the hackers.

“The CID risks jeopardizing those efforts and unfairly places MGM in a risky and highly prejudicial position because it encompasses information related to these criminal investigations,” the petition says. “Plainly, the request disincentivizes cooperation with law enforcement by companies subject to cyberattacks or other crimes.”

MGM estimated the economic damage from the cyberattack at $100 million, but most of that was recovered through insurance.

The company countered the attack by taking several computer systems offline to protect them from further intrusion from the hackers, believed to be an international group with domestic ties seeking a ransom payment.

During the incident, hundreds of slot machines were inoperative, guests could not access their rooms with smartphones and credit card payment systems were disrupted, leading to the manual processing of credit card transactions.

The FTC did not project how long it could take to consider MGM’s petition. But other cases involving requests to quash a CID have taken months to resolve. MGM also could potentially appeal the decision in court.

Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702-477-3893. Follow @RickVelotta on X.

Don't miss the big stories. Like us on Facebook.
MORE STORIES
recommend 1
Renter says HOA board member is harassing her
recommend 2
Lei Day Parade returns to Downtown Summerlin
recommend 3
REAL ESTATE BRIEFS: APRIL 27
recommend 4
Vegas restaurant named top brunch spot in US for 2024
recommend 5
Tractor-trailers with no one aboard? Future is near for self-driving trucks on US roads
recommend 6
What are the Raiders quarterback options in 2025?
THE LATEST
Smoke free slot area is seen at the Plaza hotel and casino, on Thursday, June 8, 2023, in downt ...
Smoke-free casino advocates take fight to shareholders
By McKenna Ross / RJ

Shareholder proposals are pushing Las Vegas casino operators like Caesars Entertainment and Boyd Gaming to study the business impact of smoke-free casinos.