On December 21, 2022, BetMGM, a sports betting company, announced that its customers’ personal information had been obtained in an unauthorized manner. In its “Notice Regarding Patron Personal Information”, BetMGM revealed that it learned of the data breach on November 28, 2022 and believes that the breach occurred in May 2022.
The affected information varied by customer and included names, contact information (e.g., postal addresses, email addresses, telephone numbers, etc.), dates of birth, hashed Social Security numbers, account identifiers, and information related to transactions with BetMGM. The company stated that its online operations were not compromised, and it had no evidence that passwords or account funds were accessed in connection with the breach.
BetMGM also indicated that it is coordinating with law enforcement and taking steps to further enhance its security. The company recommended that customers remain alert for any unsolicited communications regarding their personal information and review their accounts for suspicious activity and is offering free credit monitoring and identity restoration services for two years to affected individuals.
While BetMGM did not disclose the number of affected individuals, an apparent hacker allegedly advertised the stolen data of more than 1.5 million customers across Ontario and several US states for sale on the dark web.
CTV News Toronto reported that the Office of the Privacy Commissioner of Canada confirmed that it received a breach report from BetMGM and is now reviewing the report in order to determine next steps.
In addition, the Alcohol and Gaming Commission of Ontario disclosed to CTV News Toronto that it is “monitoring the BetMGM incident of unauthorized access to Ontario player data” and “reviewing BetMGM systems, policies and practices given their regulatory responsibility to protect player information.”
Summary By: Steffi Tran
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.