This month, the online gambling sportsbook company BetMGM announced that its database suffered a breach. A statement released Wednesday, December 21, said that the data breach that possibly occurred in May caused the personal information of many of its users to be "obtained in an unauthorized manner." While the affected information varied case by case, the company has confirmed that the data included in the breach were users' names, telephone numbers, hashed social security numbers, birth dates, email addresses, mailing addresses, and "information related to transactions" with the sportsbook.
In their released statement, BetMGM claimed that they currently do not have any evidence that their patron passwords or account funds were accessed. "Our online operations were not compromised. We are coordinating with law enforcement and taking steps to further enhance our security." Also, in their breach notification, the gambling company advised their patrons to watch for any "unsolicited communications" and "suspicious activity" related to their personal information.
1.5 Million BetMGM Customers Allegedly Compromised
According to a statement uploaded to a hacking forum by the alleged hacker known as 'betmgmhacked,' "We breached BetMGM's casino database current as of Nov 2022." The post continues to mention that the breached data allegedly contains 1,569,310 BetMGM customer information and their records. "The database is inclusive of every BetMGM casino customer (over 1.5M) as of November 2022 from MI, NJ, ON, PV, and WV. Any customer that has placed a casino wager is included in this database," says the threat actor. The hacker also claims that the stolen information included data sets from players from BetMGM casinos located in New Jersey and Pennsylvania, as well as a "Master Casino" dataset that consists of the information of customers from every state.
As previously mentioned, all stolen customer records include phone numbers, email, address info, and other personal information. Even with this claim, the betting firm has yet to disclose the official number of customers who had their information stolen during the May breach. However, the company suspects that the data stolen will likely be sold online if it has not already been.
BetMGM Is Offering Two Year Protection to Those Affected
In an attempt to salvage the situation, BetMGM is offering those users whose information has been compromised two years of credit monitoring and identity restoration services at no cost. "We recommend patrons remain alert for any unsolicited communications regarding their personal information and review their accounts for suspicious activity. We take our obligation to safeguard personal information very seriously..." the company said in their breach notification letter. The notification letter also includes other free resources for users to continually monitor and protect their personal information.
BetMGM Bad Luck Streak Continues
Over the last few months, BetMGM has suffered incident after incident. In March earlier this year, the sportsbook agreed to pay $25k in New Jersey after they wrongfully took bets on college sports involving state-based universities and colleges. In New Jersey, their sports betting law prohibits gamblers from betting on college games contested inside the state or events, including New Jersey universities. Then again, last month, it was reported that the betting company received an "F" from the Better Business Bureau after nearly 400 customers logged complaints about BetMGM to the nonprofit customer advocacy group in the last year. In those complaints, multiple users reported the services and website were glitching out and even wrongfully denying cash payouts for those who have made a profit on their bets.
BetMGM was also under fire this year in Maryland for allegedly accepting bets before the state gave the online sportsbook the green light to commence operations. The Maryland gaming regulators claimed that BetMGM allowed users to place bets on their app in the state on November 16, while the state's official launch date of legal sports gambling was a week later, on November 23. Those customers who placed early bets in the state of Maryland eventually had their wagers refunded. Their accounts were also credited an additional $50 for the company's error, and BetMGM agreed to pay a $146K fine.
Contact Morgan & Morgan for Help
When your personal and private information is stolen from those who claim to keep it safe, your entire world can be turned upside down. At Morgan & Morgan, our attorneys understand how recovering stolen money or correcting the damage caused by identity theft, like a damaged credit score, can be challenging to do on your own. If you believe you or a loved one had personal information compromised by the BetMGM data breach, we want to help you.
For more information regarding the data breach and how one of our attorneys can help, please complete our free, no-obligation case evaluation form today.