US sportsbook operators continue to suffer cybersecurity issues, as BetMGM becomes the latest to reveal a data breach.
On Wednesday, BetMGM notified customers that “certain BetMGM patron records were obtained in an unauthorized manner.” The operator became aware of the issue Nov. 28, but believes the breach occurred back in May 2022.
“We are taking this matter very seriously and are working quickly to investigate it,” BetMGM CEO Adam Greenblatt said in a release Wednesday. “The security of our platform and our patrons’ data is a top priority for BetMGM. We regret any inconvenience this may cause.”
BetMGM hack details
The company said it is working with “leading security experts to determine the nature and scope of the issue” and that there is no evidence customer passwords or funds are at risk.
The breach, however, might have included personal information on various patrons including:
- Contact information like postal address and email
- Date of birth
- Hashed Social Security number
- Account identifiers, like player ID and screen name
- Information related to transactions with BetMGM
The sportsbook is providing customers with two years of credit monitoring and identity restoration services.
Data breach news comes after Massachusetts approval
The data breach news comes closely following BetMGM’s approval for a Massachusetts sports betting license. Commissioners had reservations about the BetMGM application and implemented two conditions with the approval.
One of the conditions on the license could be related to the data breach:
“BetMGM provide timely and ongoing updates concerning any developments connected to the two confidential investigations that were first disclosed to the IEB on 12/16/22 and further discussed in executive session today.”
The Massachusetts Gaming Commission did not respond to a request for comment from LSR Thursday.
BetMGM has tough November
In November, “dozens of fraudulent accounts” were created on BetMGM using professional poker player names, according to an ESPN report.
This week’s news comes roughly a month after DraftKings announced its customers lost approximately $300,000 when their passwords were compromised. The operator refunded the accounts.
The DraftKings issue affected nearly 68,000 accounts, according to a Dec. 16 filing in Maine.
Sportsbook data troubles
The FBI is looking into the rise in sportsbook data breaches, including at DraftKings and FanDuel, according to ESPN.
Cyberattacks are not new to the sports betting industry. In 2020, SBTech-powered sites were the target of an attempted ransomware attack.
Later in 2020, a cyber attack hit sports data provider Stats Perform.