As previously reported, online gambling is still gaining popularity in Ontario. However, gamblers in the Canadian province are being informed that they may be affected by a recent data breach.
About a fortnight ago, on December 21st, 2022, the leading online sportsbook provider BetMGM announced that it had become subject to a data breach that had seen its customers’ personal information get obtained by an unauthorized third party.
As the company revealed at the time, the breach affected the personal data of some of its patrons, including their names, dates of birth, contact information (such as telephone number, postal address, and email address), and hashed Social Security numbers. Information regarding customers’ account identifiers (such as player ID and screen name), as well as data about money transactions with BetMGM, has also been accessed. The sports betting company shared it has no evidence that any patron passwords or customer account funds were accessed as part of the breach.
The online gambling operator believes that the data breach took place in May 2022, less than two months after it expanded its presence in the province of Ontario. However, BetMGM became aware of the matter much later, on November 28th.
The company has still not disclosed the actual number of customers who were affected by the breach and had their information stolen. Meanwhile, an apparent hacker posted an offer on the dark web, saying that they are selling the stolen data of over 1.5 million alleged users from a number of US states, including New Jersey, West Virginia, and Michigan, and from the province of Ontario in Canada.
BetMGM Operations, Policies, Systems and Practices Being Reviewed by Several Agencies
Currently, online gambling operations in Ontario are being monitored by iGaming Ontario. The province’s lottery and gaming corporation has confirmed that BetMGM informed the regulator that it recently discovered that it had become subject to a privacy incident, which also involved unauthorized access to Ontario players’ records.
The government agency that regulates the online gambling sector of the Canadian province described the incident as a serious one but noted that the overall integrity of the regulated online gambling market in Ontario remained reliable. It highlighted the fact that gambling companies that offer their services in the province are required to have strict protocols in place in order to guarantee that their customers’ personal data is well protected.
Cybersecurity expert and analyst Ritesh Kotak explained that any type of data breach is serious because customers have their personal identifiable information essentially available in cyberspace for various third parties to take advantage of. In an interview for a local media hub, CTV News Toronto, he also warned that some hackers could use that information against members of the population in various ways because there could be identity theft or theft of potential credentials.
Although the Office of the Information and Privacy Commissioner of Ontario does not have legal oversight over BetMGM and its operations, the online gambling company still sent it a breach report that it is currently reviewing. Apart from that, the recent incident involving unauthorized access to local player data is being monitored by the Alcohol and Gaming Commission of Ontario, with the body also reviewing the policies, systems and practices of BetMGM.
