"BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers"
MGM Resorts-owned online sports betting company BetMGM recently confirmed that it suffered a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. BetMGM said, “patron records were obtained in an unauthorized manner.” The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related to transactions. The company noted that the affected information varied by the patron. BetMGM claims there is no evidence that passwords or account funds were accessed by the hackers. However, the company still recommends changing passwords as a good practice, and it’s offering two years of free credit monitoring and identity restoration services to impacted individuals. The company stated that it learned of the incident on November 22 and believes the intrusion occurred in May 2022. In a popular cybercrime forum post, someone claiming to be the hacker offered to sell a database containing nearly 1.57 million records dating from November 2022, allegedly associated with “any customer that has placed a casino wager.” The hacker’s message, posted on December 21, describes the type of data stored in the database, and it’s the same as the one mentioned in BetMGM’s announcement. The hacker has also posted some sample data. It’s unclear how much they want to get for the stolen database.