DraftKings, the online fantasy-sports company, has filed a Form S-1 registration statement with the US Securities and Exchange Commission (SEC), which indicates SBTech, a company DraftKing acquired, was hit by a ransomware attack in March.
It has been reported that according to the registration form, which is required by the SEC before companies may go public on Nasdaq, SBTech, an online gambling technology provider that merged with DraftKings, suffered the cyber attack before the merger finalized on March 27.
However, the SEC’s filing stated:
“On March 27, 2020, SBTech detected a ransomware attack on its network (the“ cybersecurity incident ”). SBTech immediately shut down its data centers. The operation of the sports betting and iGaming services of SBTech’s customers was interrupted as a result of the cybersecurity incident. SBTech informed relevant regulatory authorities and notified affected partners and customers. SBTech believes it is in compliance with applicable regulatory requirements related to the cybersecurity incident.”
ZDNet said that the online betting company had to place $30 million in escrow on April 10 to deal with the cyberattack. At that time, this attack was not yet confirmed as the result of ransomware, where the funds in escrow were set aside to cover damage costs and litigation fees.
As per the report, no additional details were disclosed in the SEC filing.
It has been analyzed that DraftKings clarified that the interruption to its operations led SBTech to compensate its customers for downtime. They stated that this had an immaterial financial impact on SBTech and DraftKings to date.
Likewise, SBTech’s investigation concluded that the impact of the cybersecurity incident was successfully mitigated.
Thus, it also included recommendations for security improvements to SBTech’s network and its information technology controls.