WASHINGTON (Legal Newsline) - MGM Resorts' fight with the old Federal Trade Commission has been dropped by the new FTC, which features a new chair and an empty seat following the election of President Donald Trump.
Ex-FTC chair Lina Khan took a data breach at MGM in September 2023 seriously, especially considering she was a guest at one of MGM's Las Vegas properties during the cyberattack. She issued a civil investigative demand resisted by MGM, which went to court to complain the FTC's administrative process was unlawful.
It also said Khan needed to recuse herself because she was personally involved. Khan is no longer at the FTC, and a March 7 court document says the FTC has withdrawn its civil investigative demand to the company.
The CID was withdrawn Feb. 26. A related federal court case in Nevada filed by the FTC to enforce the CID was dropped Feb. 28.
MGM's move to block the CID in D.C. federal court was subsequently withdrawn.
"(T)here is no longer a pending FTC investigation of MGM in this matter," a status report in D.C. says.
MGM says the FTC was violating its fundamental rights with a probe of its responses to cyberattacks.
MGM's motion to quash said Khan should have recused herself, as she was both a potential civil plaintiff and a potential witness. It refused to comply with the CID, leading the FTC to file its own petition June 17.
The FTC asked the Nevada court to force MGM to respond to its questions as it sought to find out whether it violated the FTC Act, the Safeguard Rule and the Red Flags Rule.
The CID sought information about MGM's corporate structure, operational control and information security practices. For the Red Flags Rule, it asked whether MGM obtains consumer reports with credit transactions, advances funds and has developed a trained staff on identity theft prevention measures.
The cyberattack occurred in September 2023 and has had significant financial implications for MGM, the company says. It is cooperating with the FBI to bring those responsible to justice, it adds.
Reports claim that Khan was asked to write her credit card information on paper due to the incapacitated IT systems.
Following this incident, the FTC launched an investigation into MGM's data security practices. The FTC issued a CID, seeking more than 100 categories of information from MGM.
The casino operator alleges that some requests appear directly derived from Khan's personal experience during the attack.
The company said last year it faces 15 class action lawsuits from the attack.
The old FTC denied both MGM's motion to quash and disqualify Khan, which MGM says deprived it of its Fifth Amendment rights.
"The order relies on the Commission's position that its Rules of Practice do not allow for recusal of Commissioners except from administrative litigation," the motion says.
"As a result, in cases like this one, the Commission refuses to entertain petitions to recuse Commissioners from other aspects of FTC proceedings, such as ruling on Petitions to Quash.
"This categorical refusal to hear petitions to recuse or disqualify - even in extreme cases like this one - violates the Due Process Clause of the Fifth Amendment."
MGM called it a "pattern of unconstitutional conduct."