Cyber Incident Victim: BetMGM

On May 1, 2022, BetMGM experienced a data security incident involving unauthorized access to certain patron records. The company became aware of the breach on November 28, 2022, and promptly initiated an investigation with assistance from external security experts. Analysis determined that attackers obtained varying combinations of personal information including names, contact details (postal addresses, email addresses, telephone numbers), dates of birth, hashed Social Security numbers, account identifiers (player IDs and screen names), and transaction-related information. The compromise did not affect patron account funds or passwords, and BetMGM confirmed its online gaming and betting platforms remained fully operational throughout the incident. No evidence suggested ongoing unauthorized access to systems after the initial May 2022 intrusion.

BetMGM publicly disclosed the breach on December 21, 2022, notifying affected patrons via direct communication and establishing a dedicated toll-free hotline for inquiries. The company coordinated with law enforcement agencies and implemented additional security enhancements to its infrastructure. As remediation, BetMGM offered impacted U.S. and Canadian patrons complimentary two-year subscriptions to credit monitoring and identity restoration services. The operator directed customers to existing consumer protection resources including AnnualCreditReport.com and provided specific contact details for New Jersey residents to engage state consumer protection authorities. Internal investigations concluded the breach originated from external systems rather than BetMGM's core gaming platforms, with no indication that operational systems or financial transactions were compromised during the incident.