Strauss Borrelli PLLC, a leading data breach law firm, is investigating DraftKings Inc. regarding its recent cybersecurity incident. The DraftKings cybersecurity incident may have involved sensitive personal identifiable information belonging to an undetermined number of individuals.
ABOUT DRAFTKINGS INC.:
DraftKings is an online sports betting and gaming company based in Massachusetts. Founded in 2012, DraftKings offers a range of online gaming platforms and experiences, including a sportsbook, fantasy sports, online casino games, horse racing, and more.2,3 Additionally, DraftKings provides sports betting at retail sportsbook locations.4 Headquartered in Boston, Massachusetts, DraftKings employs over 1,000 individuals and offers online sports betting across 26 states.2,3
WHAT HAPPENED?
Recently, DraftKings reported to the Attorney General of the Commonwealth of Massachusetts that it had experienced a data security incident in which sensitive personal identifiable information in its care may have been compromised. According to the cybersecurity notice, on September 2, 2025, DraftKings became aware of a potential security incident that may have involved unauthorized access to personal data.1 As a result, DraftKings launched an investigation to determine the nature of the incident.
Through its investigation, DraftKings confirmed that an unauthorized third party stole login credentials from a non-DraftKings source, and sensitive personal information in DraftKings customer accounts may have been accessed by the unauthorized third party using the stolen login credentials.1 As a result, DraftKings began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Address
- Date of birth
- Phone number
- Email address
- Last four digits of payment card
- Profile photo
- Information about prior transactions
- Account balance
- Date when password was last changed
On October 2, 2025, DraftKings began mailing cybersecurity notification letters to impacted individuals. Based on the cybersecurity notice being sent to Massachusetts residents, DraftKings is providing affected individuals with a list of the specific types of sensitive information impacted.1 A link to the letters that DraftKings filed with the Attorney General of the Commonwealth of Massachusetts is below.
If you received a cybersecurity notification letter from DraftKings Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
