PokerStars Alerts Players in United States about “Cybersecurity Incident” that Exposed Personal Information

PokerStars players in the United States began receiving letters this week notifying them of a “cybersecurity incident” that exposed their names, addresses, and social security numbers to hackers. More than 110,000 PokerStars players who opened accounts in Pennsylvania, Michigan and New Jersey are impacted and should take action to protect themselves, says PokerStars.


PokerStars is one of the many companies that fell victim to a security breach in May. (Image: PokerStars)

On June 2, PokerStars was made aware of a vulnerability within a piece of software the company uses to encrypt and transfer files, MOVEit. Hackers used the vulnerability to copy the personal information of account holders. The problem was discovered  by security experts May 31.

According to CyberNews, “cybercrooks can use personal information to commit fraud ranging from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses” with that kind of information.


PokerStars is one of more than 400 companies and organizations who were victimized by this breach. That includes 88 schools in the U.S. So far, security experts report the hack could impact more than 23 million people, but that number may shoot way up, since one of the companies that used MOVEit stores information for students and employees at 3,500 schools across the country.

The hack affects some of the largest companies in the world. Besides PokerStars, Shutterfly, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, American Airlines, and Johns Hopkins University and Health System are just a few of the victims.

SecurityWeek, a cybersecurity news and information magazine, estimates the hack could cost companies and earn hackers more than $100 million. Cybersecurity experts EmsiSoft reported that a Russian ransomware hacking group Cl0p took responsibility for stealing the information on June 6. The group is demanding companies pay a ransom to delete the stolen user information.

On June 16, the U.S. government offered a $10 million bounty for information about the hacking gang.

PokerStars told its users via the letter that it no longer uses MOVEit to transfer its files. CardsChat was also told that PokerStars hired a cybersecurity forensic investigator to determine the severity of the hack and which players were affected.

PokerStars offers free credit monitoring

In response to the breach, PokerStars is giving impacted users a two-year membership to Experian’s IdenityWorks, an identity theft protection service.

Directions and codes to sign-up for the service are included in the letters that affected players received. Players must sign up before Oct. 31, to be eligible for the fee monitoring.

TSG Interactive US Services Limited, which is the name PokerStars uses to conduct business in the U.S., also encouraged its hacking victims to utilized credit report tracking companies like Equifax, Experian, and TransUnion to make sure their personal information isn’t being used nefariously.

Experian has a dedicated number for concerned PokerStars’ players to call if they have any questions about the breach: 833-919-4753 (Monday through Friday from 6 a.m. to 8 p.m. PT, and Saturday and Sunday between 8 a.m. and 5 p.m. PT).

Corrections, complaints, tips or kudos?

Written by
Bob Pajich
Bob Pajich is a poker news reporter, creative writer, and poker player who never met suited connectors he didn't like. Tips, corrections, complaints and kudos should go to

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Did you know about our poker forum?

Discuss all the latest poker news in the CardsChat forum