ftc halts mgm investigation
Up next
Author
Tags
Share article
The post has been shared by 0 people.
Facebook 0
Twitter 0
Pinterest 0
Mail 0

The Federal Trade Commission has abruptly ended its 14-month battle with MGM Resorts over a devastating ransomware attack. New FTC Chair Andrew Ferguson withdrew the Civil Investigative Demand issued to MGM in January 2024, officially closing an investigation that had turned into a heated legal showdown between the casino giant and federal regulators.

The drama began after a September 2023 cyberattack by the hacking group Scattered Spider crippled MGM’s operations. Slot machines froze. Digital key cards failed. ATMs went dark. The attack cost MGM an estimated $100 million in losses. Ouch.

When the FTC came knocking in January 2024, they weren’t playing around. Then-Chair Lina Khan’s team demanded information across 100 categories, treating MGM as a “financial institution” due to its gambling markers. MGM refused to roll the dice on compliance.

By April, MGM had filed suit against the FTC, calling the investigation “dangerous overreach” and requesting Khan’s recusal. The case echoes the FTC’s earlier dark patterns investigations, which targeted practices undermining consumer privacy. The FTC doubled down in June, filing its own lawsuit to force MGM’s cooperation. They pointed to a previous 2019 data breach as evidence of a troubling pattern.

Federal investigators had advised MGM not to pay the ransom demands, a decision that likely extended the operational disruptions but aligned with growing government resistance to funding cybercriminals.

The sudden resolution leaves important questions hanging. Can the FTC regulate cybersecurity practices of non-financial companies? Should companies pay ransoms? The answers remain fuzzy.

For the corporate world, MGM’s successful challenge creates an interesting precedent. Companies might now feel emboldened to push back against broad information requests from regulators.

The MGM saga highlights the wild west nature of cybersecurity regulation. Without clear frameworks, companies and regulators are making it up as they go. Not exactly reassuring for consumers whose personal data hangs in the balance. A robust incident response plan could have potentially reduced MGM’s recovery time from months to just a week, saving millions in operational losses. Meanwhile, MGM has already settled 15 consumer class action lawsuits related to the incident, with $45 million awaiting final court approval.

But hey, at least MGM can get back to taking people’s money the old-fashioned way – at the blackjack table.

You May Also Like
ransomware data obliteration threat

Crazyhunter: the Ransomware Threatening to Obliterate Your Data With Unprecedented Ferocity

CrazyHunter isn’t just another ransomware—it’s an AI-powered obliterator that leaves nothing but ashes where your data once lived. Your best defenses are failing against this predator with a 61% evasion rate. Digital extinction awaits.
ransomware investigation challenges faced

Bis Industries Faces Dark Cyber Challenges in Investigating Ransomware Claims

Bis Industries grapples with a Christmas-period ransomware attack that exposed 500GB of sensitive data. RansomHub’s darknet threats could devastate the mining giant’s operations. Most companies never recover.
ransomhouse gang cyber attack

RansomHouse Gang Exposes Loretto Hospital’s Vulnerabilities in Bold Cyber Assault

Chicago’s Loretto Hospital falls prey to RansomHouse’s surgical cyber assault—exposing 1.5TB of patient data without encrypting a single file. This $5 million nightmare reveals why healthcare institutions have become cybercriminals’ favorite targets.
north korea ransomware attack

North Korea’s Moonstone Sleet Unleashes Qilin Ransomware: Are You Next?

North Korea’s hackers abandon homegrown tools for Qilin ransomware, demanding millions from victims worldwide. Your business could be their next payday. No organization is truly safe.