Leading sports betting firm BetMGM discloses data breach

BetMGM, a leading sports betting firm, disclosed that a security breach occurred after an attacker stole personal data belonging to a number of customers.

Although the victim’s personal information is different for every customer, they were able to obtain a variety of data including their names, addresses (including email addresses and telephone numbers), dates and births, as well as hashed Social Security numbers and account identifiers such screen names and player IDs.

According to the company, it was aware of the breach in November 2022. However, the breach is believed to have occurred in May 2022.

According to a press release , BetMGM does not currently have any evidence of patron passwords and account funds being accessed as a result of this issue.

“BetMGM’s online operations weren’t compromised. BetMGM has been working with the law enforcement to strengthen its security.

were sent December 21st, 2022. Customers were warned to be on the lookout for unsolicited communication and suspicious activity involving their personal data.

BleepingComputer’s email today asking for more information about affected customers was not answered by a BetMGM spokesperson.

Affected: More than 1.5 Million BetMGM clients

The betting company has yet to reveal the total number of customers who had their data stolen during the May breach. However, it is possible that the attackers have already begun selling the information online.

The threat actor referred to as ‘betmgmhacked” said that he had breached BetMGM’s casino database, which was current as of Nov 20,22. He posted the stolen data for sale yesterday on a hacking forum.

The database includes every BetMGM customer over 1.5 million as of November 20,22, from MI, NJ and ON to PV. This database includes any customer who has ever placed a wager on a casino.

The threat actor posted a post titled “BetMGM.com Casino Database Break”. It claimed that the BetMGM database of stolen customer data contains 1,569.310 user records.

The threat actor claims that it also contains data sets containing players of BetMGM casino in New Jersey, Pennsylvania and a Master Casino data set with customer information from all 50 states. All records, including phone numbers and email addresses, are subject to this data breach.

BetMGM, a New Jersey-based sports betting operator, was founded by Entain plc and American entertainment company MGM Resorts International in 2018. It is one of the most important sports betting and gaming firms worldwide.

BetMGM has a range of online gambling brands, including Borgata Casino and Party Casino.