Cyber Incident Victim: MGM Resorts International

On May 1, 2022, an unauthorized party obtained certain patron records from BetMGM, a U.S. sports betting and iGaming operator jointly owned by MGM Resorts International and Entain Plc. The company discovered the breach on November 28, 2022, and publicly disclosed the incident on December 21, 2022. The compromised data included personal information such as names, contact details (postal addresses, email addresses, and telephone numbers), dates of birth, hashed Social Security numbers, account identifiers (player IDs and screen names), and transaction-related information. The specific data elements exposed varied by individual patron. BetMGM confirmed its online operations and gaming platforms remained uncompromised throughout the incident, with no evidence suggesting unauthorized access to patron account passwords or funds.

Upon detecting the breach, BetMGM initiated an immediate investigation with assistance from external cybersecurity experts to determine the incident's scope and origin. The company notified law enforcement agencies and implemented additional security measures to fortify its systems. Affected patrons received direct notifications and were offered complimentary two-year subscriptions to credit monitoring and identity restoration services. BetMGM established dedicated call centers in the U.S. and Canada for customer inquiries and published detailed FAQs on its corporate website. The breach notification advised patrons to monitor financial accounts, review credit reports through AnnualCreditReport.com, and remain vigilant against suspicious communications. While the attack vector and exact number of affected individuals were not disclosed, the company maintained transparency regarding the types of compromised data and the May 2022 intrusion timeline throughout its communications.