BetMGM discloses security breach impacting 1.5 Million customers

Online sports betting company BetMGM suffered a data breach and threat actors offered for sale a database containing the data of 1.5 million customers.

On December 21, the online sports betting company BetMGM disclosed a data breach while threat actors offered for sale a database containing the information of 1,569,310 million BetMGM customers.

“We breached BetMGM’s casino database current as of Nov 2022. The database is inclusive of every BetMGM casino customer (over 1.5M) as of November 2022 from MI, NJ, ON, PV, and WV. Any customer that has placed a casino wager included in this database.” reads the announcement published by the seller on BreachForums.

The attackers had access to the personal information of some patrons, including name, contact information (such as postal address, email address and telephone number), date of birth, hashed Social Security number, account identifiers (such as player ID and screen name) and information related to transactions with us. According to the notice published by the company on its website, the compromised information varied by patron.

The company launched an investigation into the security breach and hired leading security experts to determine the scope of the incident. BetMGM learned of the data breach on November 28, 2022, and dated it back to May 2022. 

The company pointed out that there is no evidence that patron passwords or account funds were accessed.

Our online operations were not compromised. We are coordinating with law enforcement and taking steps to further enhance our security.

“We have learned that certain BetMGM patron records were obtained in an unauthorized manner.” reads the statement published by the company on its website. “We are coordinating with law enforcement and taking steps to further enhance our security.”

We recommend patrons remain alert for any unsolicited communications regarding their personal information and review their accounts for suspicious activity. We take our obligation to safeguard personal information very seriously and have arranged to offer affected patrons credit monitoring and identity restoration services for two years at no cost to them. The Reference Guides below provide information on steps you can take to protect your information.

The company recommends patrons change passwords and remain vigilant for any unsolicited communications regarding their personal information and review their accounts for suspicious activity.

The company is offering impacted patrons two years of free credit monitoring and identity restoration services at no cost to them.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BetMGM data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]