BetMGM said it became aware of the issue on 28 November and immediately launched an investigation to determine the nature and scope of the issue.
Based on their findings, the type of information accessed varied by patron, but included name, postal address, email address, phone number, date of birth, hashed social security number, user ID, and BetMGM transaction information.
BetMGM found no evidence that passwords and account funds were accessed, but recommended customers remain alert to suspicious activity in relation to their personal information.
“We are taking this matter very seriously and are working quickly to investigate. The security of our platform and our customers’ data is a priority for BetMGM. We regret any inconvenience this may cause,” said BetMGM CEO Adam Greenblatt.
The company said it was taking steps to further tighten security and was offering anyone affected by the breach free credit monitoring and identity restoration services for two years.