Chess.com Data Breach Affects Thousands of Users

On June 19, 2025, Chess.com LLC discovered unauthorized access to data stored in a third-party file transfer application. An investigation determined that an unauthorized actor accessed and acquired certain Chess.com user data. The exposed information included names and, in some cases, other unspecified data elements.

The breach was first made public when a threat actor known as Sworz claimed responsibility and posted about the incident on the open web on May 27, 2025. Chess.com has stated that approximately 4,541 users were impacted by the data breach.

The cybersecurity incident was reported to the Maine and Massachusetts Attorney Generals' offices on Sept. 3, 2025 and the Vermont Attorney General on Sept. 4, 2025. Chess.com began notifying impacted users by mail on Sept. 3, 2025.

The data breach was also disclosed to the New Hampshire Attorney General's office on Sept. 8, 2025.

Chess.com's response

Upon learning of the incident, Chess.com engaged cybersecurity experts, and notified federal law enforcement. The company is also offering affected individuals free IDX credit and CyberScan monitoring services.

If you receive a notice from Chess.com about this breach, you may want to:

• Sign up for the free IDX credit monitoring and identity protection services, provided by Chess.com.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the company, visit the Chess.com website.