Two Connecticut Men Charged in $3M Online Gambling Fraud Scheme Using Stolen Identities
Two Connecticut residents, 29-year-old Amitoj Kapoor and Siddharth Lillaney of Glastonbury, were arrested on Thursday after a federal grand jury indicted them on 45 counts related to a multi-year fraud scheme targeting online gambling platforms. The pair allegedly defrauded FanDuel, DraftKings, BetMGM, and other sites of $3 million using stolen personally identifiable information (PII) from approximately 3,000 victims.
Between April 2021 and 2026, Kapoor and Lillaney purchased stolen PII including names, dates of birth, addresses, Social Security numbers, and contact details from darknet markets and Telegram. They then used this data to create thousands of fraudulent gambling accounts, leveraging background-check services like TruthFinder and BeenVerified to bypass verification processes. Kapoor maintained a spreadsheet, "Tracker.xlsx," to organize the stolen information, as evidenced by text messages discussing the use of reverse phone searches to match identities.
The scheme exploited promotional bonuses offered to new users, allowing the defendants to place bets with stolen funds. When winnings were secured, they transferred the proceeds to virtual stored-value cards and then into personal bank and investment accounts.
The indictment includes charges of conspiracy to commit wire and identity fraud, wire fraud (23 counts), identity fraud (8 counts), aggravated identity theft (2 counts), and money laundering (11 counts). If convicted, Kapoor and Lillaney face decades in prison, with aggravated identity theft carrying a mandatory two-year consecutive sentence.
U.S. Attorney David X. Sullivan stated that the defendants "used thousands of stolen identities to open online gambling accounts and exploit new user incentives," while IRS Special Agent in Charge Thomas Demeo emphasized the "immeasurable hardship" caused to victims. Both were released on $300,000 bond pending trial.
FanDuel TPRM report: https://www.rankiteo.com/company/fanduel
BetMGM TPRM report: https://www.rankiteo.com/company/betmgm
DraftKings TPRM report: https://www.rankiteo.com/company/draftkings-inc-
"id": "drabetfan1770637923",
"linkid": "draftkings-inc-, betmgm, fanduel",
"type": "Cyber Attack",
"date": "4/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Gambling',
'name': 'FanDuel',
'type': 'Online gambling platform'},
{'industry': 'Gambling',
'name': 'DraftKings',
'type': 'Online gambling platform'},
{'industry': 'Gambling',
'name': 'BetMGM',
'type': 'Online gambling platform'},
{'name': 'Victims',
'size': 'Approximately 3,000',
'type': 'Individuals'}],
'attack_vector': 'Stolen PII purchased from darknet markets and Telegram',
'data_breach': {'data_exfiltration': 'Purchased from darknet markets and '
'Telegram',
'number_of_records_exposed': 'Approximately 3,000',
'personally_identifiable_information': 'Names, dates of '
'birth, addresses, '
'Social Security '
'numbers, contact '
'details',
'sensitivity_of_data': 'High (names, dates of birth, '
'addresses, Social Security numbers, '
'contact details)',
'type_of_data_compromised': 'Personally identifiable '
'information (PII)'},
'description': 'Two Connecticut residents, Amitoj Kapoor and Siddharth '
'Lillaney, were arrested and indicted on 45 counts related to '
'a multi-year fraud scheme targeting online gambling '
'platforms. The pair allegedly defrauded FanDuel, DraftKings, '
'BetMGM, and other sites of $3 million using stolen personally '
'identifiable information (PII) from approximately 3,000 '
'victims.',
'impact': {'data_compromised': 'Personally identifiable information (PII) '
'including names, dates of birth, addresses, '
'Social Security numbers, and contact details',
'financial_loss': '$3,000,000',
'identity_theft_risk': 'High (3,000 victims affected)',
'legal_liabilities': 'Potential decades in prison for the '
'defendants; aggravated identity theft '
'charges carry a mandatory two-year '
'consecutive sentence',
'systems_affected': 'Online gambling platforms (FanDuel, '
'DraftKings, BetMGM, and others)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (stolen PII)',
'entry_point': 'Darknet markets and Telegram'},
'investigation_status': 'Ongoing (indictment filed, trial pending)',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Weak verification processes for '
'new user accounts on online '
'gambling platforms; exploitation '
'of promotional bonuses'},
'references': [{'source': 'Federal grand jury indictment'},
{'source': 'U.S. Attorney David X. Sullivan'},
{'source': 'IRS Special Agent in Charge Thomas Demeo'}],
'regulatory_compliance': {'legal_actions': '45-count federal indictment '
'(conspiracy to commit wire and '
'identity fraud, wire fraud, '
'identity fraud, aggravated '
'identity theft, money '
'laundering)'},
'response': {'law_enforcement_notified': 'Yes (Federal grand jury indictment, '
'IRS involvement)'},
'threat_actor': 'Amitoj Kapoor and Siddharth Lillaney',
'title': 'Two Connecticut Men Charged in $3M Online Gambling Fraud Scheme '
'Using Stolen Identities',
'type': 'Fraud Scheme',
'vulnerability_exploited': 'Weak verification processes for new user accounts '
'on online gambling platforms'}