Online Sportsbook BetMGM Faces Data Breach
- By Steven
- Dec 28, 2022
We often talk about how hospitals, schools, banks, and credit bureaus are some of the most prominent targets for hackers. However, we also talk about how sometimes, the most obvious place to be hacked takes eons to get hacked. Honestly, we’re just surprised that it took so long for hackers to target a sportsbook of this magnitude. Most people have seen Ocean’s Eleven; a thick, twisting scheme you can’t see coming until the last second. It was fun and exhilarating, and everyone enjoyed ripping off the rich. We can promise you this casino robbery was nowhere near as fun.
How Did the Attack Occur?
An unauthorized third party accessed an undisclosed number of BetMGM’s customer records. Fortunately, they did not release the records to the general public. Unfortunately, the records are likely being sold on the dark web.
What Information Was Viewed or Stolen?
The unauthorized party accessed a large amount of information, much of which was very sensitive. The exposed data included names, birthdays, hashed social security numbers, emails, phone numbers, postal addresses, player IDs, screen names, and “information related to your transactions” with BetMGM. This leaves patrons in a perilous situation, as now their PII (personally identifying information) is in the hands of an unknown and unauthorized party.
How Did BetMGM Admit to the Breach?
BetMGM sent notification letters to the victims and the California State Attorney General’s Office. The letters contained vague information about the incident and did not detail the breach itself. However, instructions on how to redeem the offered two years of free credit monitoring were explained at great length, as required by California law. “We promptly launched an investigation after learning of the matter and have been working with leading security experts to determine the nature and scope of the issue,” reads the notice. “We learned of the issue on November 28, 2022, and believe the issue occurred in May 2022.”
What Will Become of the Stolen Information?
There are, of course, many options for the hacker: they can sell the data, or they can let it sit for a while to fall out of the limelight and then sell it. They can keep whatever PII and financial data they accessed and use it to steal someone’s identity. They could even hand out the information to their friends. For all we know, the hacker just wanted to scare gamblers and had no plans for the stolen details. However, it would be naive to assume so.
What Should Affected Parties Do in the Aftermath of the Breach?
We like to prepare for the worst and be surprised by the best. Whenever any of us or our loved ones are affected by a data breach, we take the steps we would if our identities were stolen - short of calling the police, of course. These steps are detailed in various other posts and are the same steps many of us take to remain safe. This keeps us protected in the long run, so we spend less time worrying about our online safety and more about the life happening around us. We hope you stay safe and protect yourself as best as you can; you only live once, so don’t spend it all worrying.