In a stunning turn of events, MGM Resorts International has filed a lawsuit against the Federal Trade Commission (FTC) over its investigation into the 2023 cyberattack that targeted the casino operator’s systems. The complaint, filed in the U.S. District Court for the District of Nevada, accuses the FTC of overstepping its authority and violating MGM’s constitutional rights in its probe of the incident.
The cyberattack, which took place in July 2023, exposed the personal information of millions of MGM customers, including names, addresses, and social security numbers. The breach was a major blow to MGM, which operates some of the most prestigious casinos in Las Vegas and around the world.
In its lawsuit, MGM alleges that the FTC’s investigation has gone far beyond the scope of its authority and has infringed upon the company’s rights. The casino operator argues that the FTC is improperly conducting a criminal investigation into the cyberattack, despite lacking the statutory authority to do so.
MGM also claims that the FTC’s actions have violated the company’s Fourth Amendment rights by conducting warrantless searches and seizures of its electronic data. The lawsuit further alleges that the FTC has engaged in a campaign of harassment and intimidation against MGM, in an effort to force the company to settle with the agency.
The FTC has not yet responded to the lawsuit, but a spokesperson for the agency defended its investigation, stating that it is focused on protecting consumers and holding companies accountable for data breaches.
The lawsuit comes at a time when cybersecurity breaches are becoming increasingly common and high-profile. The incident has sparked concerns about the vulnerability of personal data and the ability of companies to protect sensitive information from hackers.
MGM’s decision to sue the FTC over its investigation is sure to fuel the ongoing debate about the government’s role in regulating cybersecurity and holding companies accountable for data breaches. It remains to be seen how the lawsuit will play out in court, but one thing is clear: the fallout from the 2023 cyberattack will continue to reverberate for years to come.