In a Form S-1 filed with the SEC today, DraftKings disclosed that SBTech, who they merged with in April, was hit by a ransomware attack at the end of March 2020.
In April 2020, online fantasy sports leader DraftKings, online gambling technology provider SBTech, and Diamond Eagle Acquisition Corp (DEAC) finalized a three-way merger to operate under the name DraftKings Inc.
In a Form S-1 registration statement filed with the SEC as required to go public on the Nasdaq stock market, DraftKings disclosed that SBTech suffered a ransomware attack on March 27th, right before the merger finalized.
“On March 27, 2020, SBTech detected a ransomware attack on its network (the “cybersecurity incident”). SBTech immediately shut down its data centers. The operation of the sports betting and iGaming services of SBTech’s customers was interrupted as a result of the cybersecurity incident. SBTech informed relevant regulatory authorities and notified affected partners and customers. SBTech believes it is in compliance with applicable regulatory requirements related to the cybersecurity incident.”
“The interruption to the operations of its customers led SBTech to compensate its customers for down time, with immaterial financial impact to SBTech and DraftKings to date. SBTech’s investigation concluded that the impact of the cybersecurity incident was successfully mitigated, and also included recommendations for security improvements to SBTech’s network and its information technology controls. DraftKings is in the process of implementing these recommendations. The duration and cost of implementation have not yet been determined,” DraftKings S-1 disclosure revealed.
The filing does not state what ransomware family conducted the attack.
SBTech cyberattack previously reported
While it was previously known that SBTech was hit with a cyberattack in March, it was not confirmed that it was caused by ransomware.
As reported at the time by ZDNet, SBTech suffered a cyberattack that caused their online sports and casino betting platform to go offline for about a week.
This outage also caused online betting sites that utilized SBTech’s platform to go down.
Due to these client outages, DEAC renegotiated their merger and required SBTech to create a $30 million emergency fund, consisting of $10 million in cash and $20 million in post-merger Class A common stock, to cover any future costs and litigation fees associated with the cyberattack.
It does not appear that the attack had any material effect on the merger.
Today SEC filing states, “The interruption to the operations of its customers led SBTech to compensate its customers for down time, with immaterial financial impact to SBTech and DraftKings to date.”