Cyber Incident Victim: PokerStars

On May 30-31, 2023, TSG Interactive US Services Limited, operating as PokerStars, experienced an external system breach involving unauthorized access to its systems through hacking. The breach was discovered on June 2, 2023, two days after the initial intrusion period. The compromised data included affected individuals' names combined with their Social Security Numbers, a combination posing significant identity theft risks. The incident impacted 110,291 individuals globally, including nine residents of Maine. PokerStars, headquartered at 251 Little Falls Drive in Wilmington, Delaware, engaged legal representation from Norton Rose Fulbright to manage breach disclosures, with attorney Will Daugherty serving as the primary contact for regulatory communications.

PokerStars notified affected Maine residents via written correspondence dispatched on July 20, 2023, as documented in the filing titled "EXPERIAN_Job42179d20_TSGPlatforms(Ireland)Limited(Flutter)_L01_SAS_1.pdf." The company fulfilled its obligation to alert consumer reporting agencies due to the breach exceeding 1,000 impacted Maine residents. No identity theft protection services were offered to victims, and no prior breaches had been reported by the entity within the preceding 12 months. The breach notification emphasized the confirmed acquisition of sensitive personal identifiers but did not disclose technical details regarding attack vectors, system vulnerabilities, or containment measures. Regulatory filings confirmed the incident's classification as an external cybersecurity compromise without elaborating on operational disruptions or financial consequences.