FTC Halts MGM Investigation

The Federal Trade Commission has abruptly ended its 14-month battle with MGM Resorts over a devastating ransomware attack. New FTC Chair Andrew Ferguson withdrew the Civil Investigative Demand issued to MGM in January 2024, officially closing an investigation that had turned into a heated legal showdown between the casino giant and federal regulators.

The drama began after a September 2023 cyberattack by the hacking group Scattered Spider crippled MGM’s operations. Slot machines froze. Digital key cards failed. ATMs went dark. The attack cost MGM an estimated $100 million in losses. Ouch.

When the FTC came knocking in January 2024, they weren’t playing around. Then-Chair Lina Khan’s team demanded information across 100 categories, treating MGM as a “financial institution” due to its gambling markers. MGM refused to roll the dice on compliance.

By April, MGM had filed suit against the FTC, calling the investigation “dangerous overreach” and requesting Khan’s recusal. The case echoes the FTC’s earlier dark patterns investigations, which targeted practices undermining consumer privacy. The FTC doubled down in June, filing its own lawsuit to force MGM’s cooperation. They pointed to a previous 2019 data breach as evidence of a troubling pattern.

Federal investigators had advised MGM not to pay the ransom demands, a decision that likely extended the operational disruptions but aligned with growing government resistance to funding cybercriminals.

The sudden resolution leaves important questions hanging. Can the FTC regulate cybersecurity practices of non-financial companies? Should companies pay ransoms? The answers remain fuzzy.

For the corporate world, MGM’s successful challenge creates an interesting precedent. Companies might now feel emboldened to push back against broad information requests from regulators.

The MGM saga highlights the wild west nature of cybersecurity regulation. Without clear frameworks, companies and regulators are making it up as they go. Not exactly reassuring for consumers whose personal data hangs in the balance. A robust incident response plan could have potentially reduced MGM’s recovery time from months to just a week, saving millions in operational losses. Meanwhile, MGM has already settled 15 consumer class action lawsuits related to the incident, with $45 million awaiting final court approval.

But hey, at least MGM can get back to taking people’s money the old-fashioned way – at the blackjack table.
