Skip to main content

Ontario gamblers affected by recent BetMGM data breach


Online sports betting continues to gain popularity. However, gamblers in Ontario are being notified they may be the victims of a recent data breach.

Leading sports betting company BetMGM announced on Dec. 21 the personal information of its customers was obtained in an unauthorized manner.

The breach affected the data of some patrons, including their names, contact information (such as postal address, email address and telephone number), dates of birth, hashed Social Security numbers, account identifiers (such as player ID and screen name) and information related to transactions with BetMGM.

Ritesh Kotak is a cybersecurity analyst and said, “Once you become the victim of any type of breach, putting the toothpaste back in the tube becomes almost impossible.”

“Any type of date breach is significant because your personal identifiable information is essentially out there in cyberspace for hackers to leverage. Think about how that information can be weaponized against members of the population you have, identity theft and theft of potential credentials,” Kotak told CTV News Toronto in an interview.

The company believes the hack happened in May 2022, less than two months after it expanded operations into Ontario. However, it wasn’t until Nov. 28 the company became aware of the matter. BetMGM said it has no evidence that patron passwords or account funds were accessed in connection with the breach.

While the betting firm has yet to disclose the number of customers that had their information stolen in the breach, an apparent hacker posted on the dark web they are selling the stolen data of more than 1.5 million alleged customers from several U.S. states including, New Jersey, Michigan, West Virginia, and Ontario in Canada.

iGaming Ontario oversees online gaming in the province and tells CTV News Toronto BetMGM recently discovered they have experienced a “privacy incident, including unauthorized access to records of Ontario players.”

“While this incident is serious and is being treated as such, the overall integrity of the Ontario regulated iGaming market is extremely reliable. Operators are required to have strict protocols in place to ensure the protection of people’s personal data,” the government agency said in an emailed statement.

CTV News Toronto reached out to the Office of the Information and Privacy Commissioner of Ontario asking if BetMGM is required to notify them of a breach but was told it does not have oversight over BetMGM.

The Office of the Privacy Commissioner of Canada, however, tells CTV News Toronto it did receive a breach report from MGM, which it is now reviewing in order to determine next steps. A spokesperson for the office adds, “Unfortunately, we are not in a position to provide additional details at this time”.

CTV News Toronto also reached out to the Alcohol and Gaming Commission of Ontario asking if it is conducting its own investigation or doing a review of BetMGM practices, and received this response: “The Alcohol and Gaming Commission of Ontario (AGCO) is monitoring the BetMGM incident of unauthorized access to Ontario player data. This is a serious concern and we are reviewing BetMGM systems, policies and practices given their regulatory responsibility to protect player information.”

Kotak says, “Anytime a company expands, it’s important to understand that cybersecurity and privacy, especially customer privacy, must be front and centre, it cannot be an afterthought”.

This is not the first gaming cyberattack in Ontario. In 2016, Casino Rama was the victim of a breach where people had their information stolen and a hacker published 14,000 personal files, including employee information and confidential emails.

For online gamblers, Kotak suggests creating a new email address and password, enabling multi-factor authentication, and using prepaid credit cards because, “You’re not actually putting in your actual credit card information so if there’s a breach, it’s limited to the amount of money you put in”.

BetMGM says it is working with law enforcement and taking steps to enhance its security. In an email to patrons, it also advises users to remain vigilant by reviewing their account statement and monitoring their free credit reports. The company says Canadian patrons can order credit reports from TransUnion Canada and Equifax. Top Stories

Severe and dangerous weather hits many areas around the world

Much of central and eastern Canada had to contend with soaring temperature and humidity this week as a heat dome blanketed large areas of the country. The stagnant weather pattern produced record-setting high temperatures in Ontario, Quebec, and Atlantic Canada.

Stay Connected