6 tips to protect against a fantasy football data breach

Dad and his son check their fantasy football scores after taking steps to protect their personal information.

Looking forward to the start of your fantasy football league? You’re far from alone. According to the Fantasy Sports & Gaming Association, 62.5 million people played fantasy sports in the United States and Canada in 2022.

Fantasy sports are also a lucrative business. ReportLinker in its Fantasy Sports Global Market Report 2023 said that the fantasy sports market grew from $25.44 billion in 2022 to $28.96 billion in 2023. They also said that the fantasy gaming market is expected to grow to $40.88 billion in 2027.
With so much money involved, it’s not surprising that online fantasy sports leagues often attract hackers eager to expose the passwords and personal and financial information of players through massive data breaches.

The leagues also attract scammers eager to flood victims’ computers with malware, steal their personal and financial information, take over their bank accounts, and make illegal purchases on their credit cards.
Fortunately, you can protect yourself both from con artists trying to scam you individually and from possible data breaches by following some common-sense strategies. It’s all about keeping your personal and financial information private and avoiding any suspicious links.

Fantasy data breaches can happen
When you think of data breaches, you might picture hackers targeting big-name department stores, government bodies and giant banks to steal thousands of passwords, Social Security numbers, and other financial information from customers and constituents.
But fantasy sports haven't been immune from data breaches in which players' information has been exposed.

In October of 2021, Fantasy Football Hub, an online fantasy league focusing on soccer, admitted that it had suffered a large data breach, with a cyber criminal accessing the league's WordPress dashboard. This allowed the hacker to download the usernames and email addresses of players.
Unfortunately, there’s nothing that you can do to stop hackers from targeting the fantasy football leagues in which you play. But you can take steps to protect your data and information if your online league is hit by a data breach.

What to do after a data breach

If your information has been exposed in a data breach hitting a company operating in one of the 50 U.S. states, the breached company is required to notify you. If your league contacts you saying that your personal or financial information might have been exposed in a breach? Don't ignore this message. It's time to act.

1. Update the passwords to your important accounts: If your online fantasy football league has suffered a data breach, it's time to update the passwords at your most important accounts. The data breach might have exposed these passwords, with hackers possibly buying them on the Dark Web. To protect yourself from these criminals, replace your current passwords with new, complex passwords at your online bank accounts, credit card portals, mortgage loan payment portal, and any other key financial accounts.

But don't stop there: If you use the same password at multiple accounts, stop. If cybercriminals have nabbed that password, they can then use it to log onto these accounts. Again, to protect yourself, update these accounts with new, more complex passwords.

2. Step up your security game with two-factor authentication: To better protect your online accounts, set up two-factor authentication at your online bank, credit card, and other financial accounts.

Two-factor authentication requires that after you enter your username and password at a site, you also provide a code that is usually texted to your phone. Only after you add this code can you log onto your account.

Two-factor authentication makes it more difficult for cybercriminals to access your accounts, even if they do know your password. If they can’t receive the texted code, they can’t log into your accounts.

3. Add a fraud alert: You can add a fraud alert to the national credit bureaus of ExperianTransUnion, and Equifax at no charge. These alerts tell lenders or credit card providers that you might be the victim of identity theft. The alert requests that these lenders verify that it is really you who is applying for a new credit card or loan before they process an application. Lenders, then, might contact you before automatically approving a request for new credit.

A fraud alert remains on your credit reports for one year. You can also apply for an extended fraud alert that remains on your reports for seven years. You can renew both types of fraud alerts if you'd like.

4. Order your credit reports: Each of the three credit bureaus maintains a credit report on you, reports listing your history of payments and your open credit and loan accounts, including how much you owe on each. If your fantasy football league has been breached, order free copies of these reports from AnnualCreditReport.com. In 2023, you can order a copy of each of your reports once a week.

Once you get your reports, look them over carefully for credit card accounts and loans that you don’t remember taking out. This could be the sign that someone has opened these accounts illegally in your name, something that could happen if your personal or financial information was exposed in a data breach.

If you do notice fraudulent accounts, contact the credit card providers or lenders behind them immediately and inform them that someone has stolen your identity.

5. Check your online accounts: It’s equally important to frequently log onto your online bank and credit card accounts. Look for unusual withdrawals or credit card purchases that you didn’t make. These are signs that someone has used your personal information to access your accounts and make fraudulent transactions.

Contact your banks and credit card providers if you notice suspicious activity. Report this activity quickly to limit any damage. And remember, many credit card companies offer zero liability if you report fraudulent activity within 30 days.

6. Freeze your credit: You can also freeze your credit with each of the three credit bureaus. Once you do this, lenders, credit card providers, and others won’t be able to access your credit reports. Because of this, they won’t approve any applications for new credit or loans made by fraudsters.

The catch? If you do want to apply for a new credit card or loan, you’ll need to temporarily unfreeze your credit.

Fortunately, both freezing and unfreezing your credit is free. You’ll have to contact each credit bureau individually to put a freeze in place: ExperianEquifax, and TransUnion.

Data breaches not the only threat

Many online fantasy football leagues award prize money at the end of the season to those players who earn the most points. And bigger leagues deal with a lot of cash.
Consider Yahoo's fantasy football league. In one of Yahoo's leagues, the first-place winner earns a prize of $25,000. It costs individual players $5,000 to join this league. In another Yahoo fantasy football league, first-place winners earn $5,000 in prize money at the end of the season, while participants must pay $1,000 to join.

RealTime Fantasy Sports offers a high-stakes fantasy football league in which teams must pay up to $10,000 to enter. The winner in this league earns a prize of $40,000.
These generous prize packages attract plenty of players. And as the number of players grow, so does the number of scammers.

These scammers will resort to several tricks to steal either your money or personal information, meaning that data breaches aren’t the only cybercrime about which you must worry.

They might send you phishing emails stating that they are representatives of your fantasy sports league and informing you that your financial information has been lost and that you need to provide your credit card or bank account information. They might say that they are updating their security systems and that if you don’t provide your Social Security number, they’ll be forced to expel you from the league.

If you provide this information, the scammers will use it to open credit card accounts or loans in your name. They might use the information to access your online credit card portals or bank accounts, stealing your money and running up illegal purchases on your credit cards. Some might even sell your personal and financial information on the Dark Web.

Other con artists might ask you to click on a link to join a new league or to keep your fantasy account open. If you do, the link might flood your device with malware that tracks your keystrokes, spies on your online activity, or lets criminals take over control of your computer. Clicking on a link might instead take you to a new website in which you are asked to provide information such as your Social Security number or credit card information.

Some scammers might pretend to be fellow players, chatting with you on the online message boards set up by many fantasy football leagues. After they befriend you, they might try to trick you into surrendering your personal or financial information.

Still others might claim that they are offering deep discounts to join a fantasy league. When you send them money, though, they disappear along with your funds, and you haven’t joined anything.
The key to avoiding these scams? Never click on a link from someone you don’t know. And never provide your financial or personal information to anyone asking for it in an email or text. No representative from your fantasy league should be asking for this information. If you’re uncertain whether an email or text is legitimate, don’t respond. Instead, contact your league at its customer service numbers or email address to ask.

Editor’s note: Our articles provide educational information. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about.

This article contains

    How to help protect yourself against identity theft — because prevention is impossible
    You may have wondered how to help protect yourself from identity theft, particularly if you know others who’ve experienced it. Learn more from LifeLock.
    April 04, 2024 ·7 Minutes
    Read More
    What is personally identifiable information (PII)?
    Learn what personally identifiable information (PII) is, why it’s important, and how to protect yours in our guide.
    September 09, 2024 ·5 min read
    Read More
    What happens if you lose your Social Security card?
    If you lose your Social Security card, helping to protect yourself against identity theft matters most. Find out how to replace your lost or stolen SSN card here.
    July 13, 2023
    Read More
    How to dispute a credit report error in 5 easy steps
    Errors on consumer credit reports can be a common occurrence. If you find something in your credit report that doesn’t belong there, here’s what to do.
    August 11, 2017 ·3 Minutes
    Read More

    Start your protection,
    enroll in minutes.

    Get discounts, info, protection tips, and more.

    Sign up for promotional emails.