January 23, 2023

FanDuel, a popular online sports betting platform, recently experienced a data breach as a result of a third-party vendor who sends transactional emails on behalf of its clients, including FanDuel. MailChimp, a third-party vendor, was the victim of a security breach in January 2023.

The vendor confirmed that on Sunday evening, an unauthorized actor obtained customer names and email addresses, but no other personal information, such as passwords or financial account information, was obtained in this incident.

FanDuel issued a statement to its customers in response to the data breach, apologizing for any concern or inconvenience caused by the incident and encouraging customers to take four important steps to help safeguard their accounts and play safely and securely.

“Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients,” reads a FanDuel ‘Notice of Third-Party Vendor Security Incident’ seen by BleepingComputer.

FanDuel went on to say that the breach did not affect their systems or FanDuel user accounts, and that “the hackers did not obtain passwords, financial account information, or other personal information” as a result of it. Despite the fact that the compromised third-party vendor was not named in the security incident letter, FanDuel confirmed to BleepingComputer that it was MailChimp.

The sources for this piece include an article in BleepingComputer.