Flutter Entertainment recently confirmed that its two major brands in the UK market—Paddy Power and Betfair—have experienced a player data breach involving "a large number of users." The company has notified affected customers via email and initiated an internal investigation.
According to information disclosed by Flutter to the media, the leaked data includes usernames, email addresses, the first line of home addresses, device IDs, IP addresses, and some account activity information. Despite this, Flutter emphasized that customer passwords, identity proofs, or bank card information were not involved, nor was there evidence of unauthorized account access. The company stated that the incident has been "contained," and accounts will not be suspended as a result.
The 2024 report shows that Flutter's brands in the UK and Ireland have an average of about 4.2 million active players per month. A source noted that although the law does not mandate customer notification, Flutter, considering transparency, proactively contacted affected users and reported to the UK Gambling Commission and the Information Commissioner's Office (ICO).
A spokesperson for Flutter UKI stated: "We took immediate action, notified the relevant regulatory authorities, and launched a comprehensive investigation with the assistance of external IT security experts. Unauthorized access has been blocked, and we are strengthening our network security to ensure the safety of customer information."
Player data breaches are not isolated incidents. In February this year, several operator websites under the German gambling brand Merkur were also attacked, with some sensitive data suspected to be compromised, prompting German regulators to demand enhanced cyber protection. In June, the British Horseracing Authority (BHA) also closed its London office due to a cyber attack.
This incident has once again drawn industry attention to the cybersecurity systems of gambling platforms, especially in terms of the management level of user data storage and access permissions. Flutter stated that it would further strengthen its defense mechanisms to prevent such incidents from recurring.