Part of bill blocks probe into MGM cyberattack

By Richard N. Velotta - Las Vegas Review-Journal

A provision in U.S. House legislation could block the Federal Trade Commission investigation into the September cyberattack that temporarily crippled MGM Resorts International properties.

The Republican spending bill includes a provision that would block a Jan. 25 FTC civil investigative demand of MGM to provide details of its data security practices after the company suffered a ransomware attack by hackers believed to be an international group with domestic ties. The bill also slashes the FTC budget by 27 percent.

The MGM cyberattack affected several MGM computer systems, including telephones, email, credit card transactions, reservation systems, hotel check-ins and slot machines, for nine days starting Sept. 10. FTC chair Lina Khan and an aide were staying at an MGM hotel in Las Vegas for a conference during the incident.

“The core mission of this bill is to protect the integrity of America’s financial and judicial systems,” Appropriations committee Chairman Tom Joyce, R-Ohio, said in a release.

“In order to fulfill that mission, this bill makes cuts to prevent agency overreach by prohibiting funds for dozens of regulating actions such as blocking the FCC from regulating broadband rates, the FTC from controlling how everyday Americans purchase a car, and the SEC from collecting and surveilling transactions of everyone who invests in the stock market,” Joyce said. “With these key priorities in the bill, I am proud we were able to advance it out of committee and to the House floor.”

It’s unclear when the spending bill, which was approved by the House Appropriations Committee in June, will go to the full House for consideration. Committee Republicans rejected a proposed Democratic amendment that would have enabled the FTC chair to take unilateral action that exceeds the commission’s statutory authority.

The bill was scheduled for a vote this week, but the Republican leadership withheld it. Appropriations legislation is required for approval of the federal budget by Oct. 1.

MGM cyberattack

British law enforcement authorities working with the FBI arrested a 17-year-old boy last week in connection with the attack. The unidentified teen was released on bond after being apprehended by the Regional Organised Crime Unit for the West Midlands in Wallsal, a small city in central England.

MGM has pushed back against the FTC’s request for information, known as a CID, with a lawsuit filed April 15.

The four-count action, filed in U.S. District Court for the District of Columbia, seeks an injunction to stop the FTC from seeking a CID unless FTC Chairwoman Lina Khan disqualifies herself from the matter.

The lawsuit is based on the conflict of Khan and a senior aide being guests at the MGM Grand as the cyberattack — that cost the company an estimated $100 million —was unfolding in September.

The FTC countered June 14 with a petition in U.S. District Court in Nevada to force MGM to respond to the CID.

Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702¬477-3893. Follow @RickVelotta on X.