MGM becomes target of FTC probe after 2023 hack
The fallout from the 2023 cybersecurity breach that devastated MGM Resorts International's domestic operations continues as the Federal Trade Commission (FTC) investigates the casino giant's response to the hack.
In January, the FTC issued a civil investigative request (CID) to the Las Vegas-based gaming company, requesting a trove of data and documents related to the incident. The following month, MGM filed a motion to dismiss CID.
The CID required the generation of over a hundred different categories of information, spanning several years, unrelated to the attack, and, perhaps most problematic, an unprecedented attempt by deputies to rely on security guard rules and red flags to invoke rules that did not apply to M.G. May's business. For these reasons, and despite MGM's attempts to resolve these matters informally with employees, MGM has no choice but to file this motion to waive or limit," the gaming company's legal filing states.
In September 2023, a group of domestic and foreign hackers orchestrated a cyberattack dubbed "Dispersion Spider" that resulted in a $100 million loss in earnings before interest, taxes, depreciation, amortization, and restructuring (EBITDAR) for the Bellagio operator, while the Rental expense (EBITDAR) loss in the third quarter was $10 million. - Time legal fees and other expenses.
Rival Caesars Entertainment is paying Scattered Spider $15 million to resolve another cybersecurity incident. MGM followed FBI guidelines and did not compensate the perpetrators.
MGM has bad luck
Last September, as MGM was grappling with a cyber intrusion, FTC Chairman Lina Khan and several employees attempted to gain access to the MGM Grand Hotel on the Las Vegas Strip. Call it a cruel twist of fate.
According to news reports, Khan and more than 40 other guests were forced to write down credit card numbers on pieces of paper and hand them to front-desk staff at the casino hotel. This reportedly prompted Khan to ask an MGM Grand employee what steps the company was taking to protect customer data.
This interaction is unlikely to trigger a commission investigation into MGM's response to the hack, and while the bookmaker claims the FTC's use of Safeguard and red flag rules violated the commission's authority, the bookmaker may have other issues to deal with. matter.
In fact, the FTC could have exploited its reputation for weak cyber defenses before the attack on MGM occurred. Last September, Boston-based cybersecurity assessment and analytics firm BitSight graded MGM an "F" for patching frequency. Patch frequency refers to how quickly a company patches known network issues and vulnerabilities.
The Cosmopolitan operator also suffered a cyberattack in 2019 in which 8GB of customer data was stolen and published on the messaging platform in 2022.
MGM calls victim, detective put in bad light
In its motion to dismiss the criminal investigation, MGM said it was the victim of a crime and had a "compelling and legitimate interest" in bringing the alleged perpetrators to justice.
The company added that it is cooperating fully with law enforcement and that the FTC's CID request involves a request for criminal information that could jeopardize a criminal investigation. MGM believes the FTC's request was intentional.
"In fact, at the February 6, 2024, all parties meeting and general meeting, employees requested that MGM prioritize the provision of information to law enforcement and specifically requested that MGM provide information that MGM had previously provided to the FBI. All information." Provided as soon as possible ("FBI"). MGM legal documents state that any attempts by personnel to obtain this material should be halted at least until appropriate law enforcement action is completed.
Read also:
- Games Industry Research: Carbon Emissions of Top Video Games
- U.S. cities with the most Swifties per capita
- Blackjack Casino Advantage: How to Beat the Odds
- Football 101: What is relegation in football?
Source: www.casino.org
