This past September, cybercriminals broke into the computer systems at MGM Resorts and demanded a $30 million ransom, crippling operations inside its hotels: Slot machine screens displayed sad-face emojis, credit card purchases got processed by hand, guests found other people checked into their rooms. Chaos lasted for days, and while MGM didn’t pay the ransom, it later acknowledged that the hackers did make off with tons of customer data—everything from names, contact info, and dates of birth to driver’s license numbers and a “limited number” of social security and passport numbers.

It was an Ocean’s Eleven-style data heist, an analogy made more appropriate by the guests staying at the hotel: Among them were Amy Poehler and Maya Rudolph, and FTC chair Lina Khan, who was in Las Vegas attending meetings about Kroger and Albertsons’ proposed merger. Bloomberg News described Khan’s experience at the casino’s check-in counter where she ended up scribbling her credit card number onto a piece of paper:

On Tuesday night, she was among the 45 people waiting to check in at the MGM Grand along the Las Vegas strip as staff worked to manually fulfill everyone’s reservation . . . When Khan and her staff got to the front of the line, an employee at the desk asked them to write down their credit card information on a piece of paper.

As the leader of the federal agency that, among other things, ensures companies protect consumer data wrote down her details, Khan asked the worker: How exactly was MGM managing the data security around this situation? The desk agent shrugged and said he didn’t know, according to a senior aide who was traveling with Khan and described the experience to Bloomberg as surreal.

At the time, a representative noted it was TBD if MGM’s conduct merited a harder look. In January, the FTC decided that it did. MGM wasn’t thrilled by that turn of events, and according to the Las Vegas Review-Journal, its legal team believes they’ve found a creative way to shut this mess down: MGM sued the FTC and Khan on Monday, the paper reports, arguing they acted against the agency’s own conflict-of-interest rules by investigating the cyberattack, and have violated MGM’s Fifth Amendment right to due process:

The lawsuit alleges Khan and a senior aide have a conflict of interest because they were guests at the MGM Grand on September 12 as the cyberattack, which cost the company an estimated $100 million, was unfolding last year.

“MGM’s misfortune that day was compounded by the presence of a powerful public figure at its Las Vegas hotel during the attack,” the lawsuit states.

MGM wants Khan to recuse herself. It also wants an injunction that bars the FTC from seeking a special type of subpoena (known as a civil investigative demand), which federal agencies can use to request information from private companies without a court order. This would flat-tire Khan’s investigation into how MGM handled the hack, an incident that reportedly already cost the hotel brand $100 million. The FTC has asked MGM to hand over some “100 categories of information.”

According to the Review-Journal, the lawsuit also claims the publicity created by Khan being among the people affected by the hack “triggered 15 consumer class-action lawsuits against MGM.” These lawsuits might try to call Khan as a witness, the company argues.

MGM’s complaint makes additional arguments, the prime one being essentially a legal variation on “what happens in Vegas stays in Vegas”—the company is a casino operator, not a financial services institution, it argues, and as such, the same federal regulations don’t apply.

Interestingly, attempting to force the FTC chairperson’s recusal once their agency comes for you is a litigation strategy with some precedent.

Khan’s FTC has spent three years bursting corporate America’s antitrust bubble, going after everyone from the FAANG companies to drugmakers to big grocery chains. Perhaps fearing the worst, Amazon filed a petition in 2021 asking Khan to recuse herself from any Amazon-related future matters, on account of “preconceived views about the company” that prevented her from overseeing issues involving Amazon with “an open mind.” Meta filed a similar motion around the same time that quoted critical tweets she’d written and stuff she said during an episode of Bernie Sanders’ podcast.

As a Yale University law student in 2017, Khan wrote an influential paper called Amazon’s Antitrust Paradox. It argued that the e-commerce giant represented a novel business type that needed to have a novel antitrust standard created for it. After she wrote that, she worked for the Open Markets Institute, a left-leaning think tank that believes Amazon ought to be split up, and did a stint for the House Judiciary antitrust subcommittee where she and others were critical of Big Tech.

Neither company’s clever legal maneuvering got Khan booted. The FTC has sued or taken other action against Meta several times since then, each time with Khan’s involvement. She and the agency sued Amazon last September, two weeks after MGM got hacked, arguing the e-commerce player wields monopoly power “to inflate prices, degrade quality, and stifle innovation for consumers and businesses.” Meta’s and Amazon’s lawyers did base their legal motion on actions Khan took voluntarily. In Vegas, she just made the mistake of trying to check in to the MGM Grand.