Industry News

Gambling Firm Anticipates Spending up to $100 Million in Recovery from Cyber Incident

SBTech, a provider of interactive sports betting solutions and services, has set aside up to $100 million to fix a mess left when a cybersecurity incident hit right in the midst of a merger.

In a filing with the U.S. Securities and Exchange Commission (SEC), SBTech mentions a “cybersecurity incident” that took place on March 27, shortly after Diamond Eagle Acquisition Corporation (DEAC) agreed to acquire the firm and rival platform DraftKings with plans to merge the two later this year, according to ZDNet.

The company is setting aside tens of millions of dollars – $10 million in cash and $20 million in stock – anticipating recovery costs and litigation. From the SEC filing:

“Pursuant to the BCA Amendment, $10,000,000 of the cash consideration to be received by the SBT Sellers and the holders of Cashed-Out SBT Options (as defined in the BCA) in connection with the previously announced business combination between the Company, DEAC Nevada, DK and SBT (the “Business Combination”) will be placed into escrow at the closing of the Business Combination (the “Closing”) for a period of two years, and additional shares of Class A common stock of the post-business combination company to be received by the SBT Sellers and underlying the Exchanged SBT Options (as defined in the BCA) totaling $20,000,000 in value as of the Closing will be subject to a lock-up for a period of two years from Closing to cover certain indemnification obligations of the SBT Sellers and holders of Cashed-Out SBT Option relating to a recent cybersecurity incident.”

If expenses turn out to be higher, DEAC, the buyer, will fork over another $70 million to settle any lawsuits and cover expenses related to the incident, the filing states:

“Any remaining cash and shares will be released from escrow and such lock-up provisions, respectively, on the second anniversary of the closing date, subject to any outstanding unresolved claims. To the extent such additional cash and shares are insufficient to satisfy any indemnification claims made in accordance with the BCA in respect of the cybersecurity incident, the post-business combination company will be entitled to seek recourse against the $25,000,000 cash escrow and $45,000,000 of locked-up shares as may be available in respect of SBT’s other indemnification obligations.”

And if that’s not enough, the parent company “will have recourse to indemnification directly from the SBT Sellers and the applicable SBT option holders,” the filing states.

Experts say the breach has all the hallmarks of a ransomware incident, with legalsportsreport.com pointing to the infamous Maze Team as the potential hacking group behind the attack.

The Maze Team made headlines recently for pledging to stop all attacks on the healthcare industry as the world battles one of the worst pandemics in recorded history. Apparently it’s business as usual when it comes to other industries.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.