Summary
The Federal Trade Commission (FTC) and MGM Resorts International are close to resolving a dispute stemming from a 2023 cyberattack. The attack significantly disrupted MGM’s operations and led to a legal battle over the FTC’s investigation into MGM’s data security practices. A settlement will likely involve MGM compensating affected customers and the FTC withdrawing its investigative demand.
Dont let data threats slow you downTrueNAS offers enterprise-level protection.
** Main Story**
So, you’ve probably heard about the big MGM cyberattack back in September 2023. What a mess, right? The Federal Trade Commission (FTC) and MGM Resorts International are finally wrapping up the legal stuff that followed. Basically, a nasty cyberattack hit MGM hard, causing all sorts of problems, and the FTC started sniffing around their data security. Now, it looks like they’re settling things, with MGM paying up to compensate the people affected.
How it All Went Down: The Cyberattack
This attack wasn’t just a minor inconvenience; it crippled MGM’s operations for about ten days! Can you imagine the chaos? It cost them around $100 million in lost revenue! The masterminds were cybercriminal groups called Scattered Spider and ALPHV. What they did was pretty clever, but in a terrible way. They used social engineering – tricked an MGM employee through their LinkedIn profile to get access to admin credentials. From there, it was game over. They got into MGM’s systems, stole customer data (names, contact info, birthdays, driver’s license numbers – the works), and then deployed ransomware. That encrypted a bunch of MGM’s IT infrastructure. Luckily, credit card and bank info stayed safe, which, you know, is something. But, because so much personal data was compromised, lawsuits started piling up. Instead of paying the $30 million ransom, MGM decided to rebuild everything from backups. Smart move; that’s what the FBI usually recommends anyway.
FTC Steps In
After the attack, the FTC, naturally, launched an investigation. They wanted to know what MGM’s data security was like, so they issued a civil investigative demand (CID) in January 2024. It asked for a ton of information going back years. MGM wasn’t thrilled. They felt a lot of the data wasn’t relevant and asked for more time to get everything together, but didn’t get it. Then, in April 2024, they sued the FTC, claiming the FTC was overreaching and that there was a conflict of interest, because the FTC Chair, Lina Khan, had actually been at an MGM property during the attack. Talk about awkward timing! I mean, can you imagine the headlines if they hadn’t challenged it?
Compensating Customers: The Settlement
But it appears this is all coming to an end, and things are starting to wrap up. MGM’s going to compensate consumers whose data was compromised, as part of a “global settlement.” So, people affected will get financial compensation and credit monitoring services. It also settles several class-action lawsuits. A judge already approved a preliminary settlement of $45 million. Not bad. The payouts will vary depending on the data exposed. For instance, if your Social Security or military ID number got out, you’ll get $75. If it was your passport or driver’s license, you’re looking at $50. It’s not a huge amount of money, granted, but it’s better than nothing, and it’s a good step toward accountability.
The Bigger Picture: Data Breach Risks
This MGM situation is a serious reminder of how dangerous data breaches are becoming. It’s a sign of the times, and it shows that companies of all sizes need to take cybersecurity seriously. The Identity Theft Resource Center said in its 2023 Annual Data Breach Report that data compromises are happening more than ever. In the US alone, there were over 3,205 data breaches, affecting over 353 million people! These incidents underscore the importance of robust cybersecurity measures and the need for organizations to prioritize data protection to mitigate the risks and consequences of such attacks. So, what’s the takeaway? Well, the MGM settlement, as of March 7, 2025, could be a turning point. It shows that companies will be held accountable for data breaches, and that consumer protection is becoming a bigger deal as cyber threats keep escalating.
$75 for my Social Security number? Finally, a use for it other than proving I’m not a robot trying to apply for a mortgage! Maybe I should deliberately leak my passport details and treat myself to a fancy dinner with the proceeds. Cybercrime: now with added appetizers!
I love your take on finding a silver lining! It’s definitely frustrating when personal data is compromised, but your suggestion about a fancy dinner is a fun way to look at it. Seriously though, this highlights the need for stronger data protection to prevent these breaches in the first place. What more can companies do to ensure better security protocols?
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
The MGM cyberattack highlights the vulnerability of large organizations and the creativity of cybercriminals using social engineering. The fact that stolen credentials gave attackers access to encrypt critical infrastructure underscores the importance of multi-factor authentication and employee training.
Great point! The social engineering aspect is definitely something organizations need to address proactively. Training employees to spot phishing attempts and other deceptive tactics is crucial in preventing these types of breaches. Stronger authentication methods can only go so far if the initial access is compromised.
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
Given the reliance on social engineering via LinkedIn, what specific proactive measures can organizations implement to mitigate risks associated with employee profiles and external communication on professional networking platforms?
That’s a key question! Besides training, it’s worth exploring stricter internal policies regarding what information employees share publicly and implementing verification processes for profile updates. Think of it as a digital risk assessment integrated into HR processes. Has anyone had success with specific tools or strategies in this area?
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
The MGM case underscores the financial impact of social engineering attacks beyond immediate ransom demands. Rebuilding systems and compensating customers adds significantly to the overall cost, highlighting the need for comprehensive cybersecurity budgets that include preventative measures.