XML 45 R31.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Mar. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
In the ordinary course of our business, we collect, use, store, and digitally transmit confidential and personal information. The secure maintenance of this information and our information technology systems is important to our operations, business strategy, and maintaining the trust of our players, employees, and partners. To this end, we have implemented policies, practices and programs designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by dedicated information technology security teams, which are led by our Chief Information Security Officer. They include mechanisms, controls, technologies, systems, and other processes designed to maintain a stable information technology environment and protect against unauthorized access, use, destruction, modification or disclosure of confidential and personal information, and other information security incidents affecting our operations or the availability of our products and services. For example, we invest in tools to detect suspicious activity in accounts, give players the ability to use two-factor authentication and work to prevent the creation of mass user accounts.

We also regularly test our defenses through penetration and vulnerability testing. We implement controls and procedures designed to mitigate risk with third-party vendors and business partners who have access to confidential and personal information, including by conducting a formalized security risk assessment. Security risks identified in security risk assessments are remediated, and/or formally documented, and in some cases the business relationship may be ended or not pursued. Our employees and certain contractors are required to complete mandatory annual security training. These trainings raise awareness of security practices and educate employees to protect information assets and infrastructure. We consult with outside advisors and experts when appropriate to assist in assessing, identifying and managing cybersecurity risks, including providing an independent analysis of our preparedness, assessing and managing the current risk environment and assisting us in preparing for future threats and trends.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Risks associated with cybersecurity are integrated into our overall enterprise-risk assessment and more closely monitored by our information technology security teams.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors maintains ultimate oversight over risks associated with cybersecurity and receives updates at least annually from our Chief Information Security Officer.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] In addition, our Audit Committee, which is composed solely of independent directors, receives updates from our Chief Information Security Officer on a quarterly basis, and more frequently as appropriate, that provide additional detail about the steps we take to monitor and mitigate these risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] In addition, our Audit Committee, which is composed solely of independent directors, receives updates from our Chief Information Security Officer on a quarterly basis, and more frequently as appropriate, that provide additional detail about the steps we take to monitor and mitigate these risks.
Cybersecurity Risk Role of Management [Text Block] Our Chief Information Security Officer, who reports directly to our Chief Technology Officer, has extensive experience managing information technology and cybersecurity matters and is responsible for assessing and managing cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Chief Information Security Officer, who reports directly to our Chief Technology Officer, has extensive experience managing information technology and cybersecurity matters and is responsible for assessing and managing cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Chief Information Security Officer, who reports directly to our Chief Technology Officer, has extensive experience managing information technology and cybersecurity matters and is responsible for assessing and managing cybersecurity risks.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] In addition, our Audit Committee, which is composed solely of independent directors, receives updates from our Chief Information Security Officer on a quarterly basis, and more frequently as appropriate, that provide additional detail about the steps we take to monitor and mitigate these risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true