Flutter Entertainment has confirmed some Paddy Power and Betfair customers’ personal information has been compromised in a data breach at the New York-listed operator.
The operator said that no passwords, identification documents or payment details were acquired by the bad actors during the hack.
In notices sent to customers in recent days, the business did confirm that usernames, emails and contact information could have been obtained by the hackers.
The breach could have also resulted in some customers’ first line of their address and city being taken.
The hack, which EGR understands is significant, is contained to the Paddy Power and Betfair brands. Flutter’s other UK and Ireland-facing sites, Sky Betting & Gaming and tombola, were not impacted.
EGR also understands that Flutter has informed both the Gambling Commission and the Information Commissioner’s Office.
A Flutter spokesperson said: “We can confirm that our Paddy Power and Betfair businesses have suffered a data incident involving personal information for some of our customers.
“Immediately upon becoming aware of this incident, we informed relevant regulators and authorities and initiated a full investigation, supported by external IT security experts, to understand what happened and how we can better protect our networks and customers. The unauthorised access has been removed and the incident contained.
“Our investigation concluded that the affected information was isolated to limited betting account information. No passwords, ID documents or usable card or payment details were impacted. We are informing all affected customers.
“Safeguarding and securing our customers’ information is of the utmost importance to us.”
Last month, the British Horseracing Authority was hit by a cyberattack. The BBC reported the ransomware attack was limited to “internal systems and data”.
Outside of the sector, British retail giant Marks & Spencer was hit in a major breach, with customers’ telephone numbers, home addresses and dates of birth having been stolen.
In March, EGR reported that Stakelogic was hit by a cybersecurity incident in which CEO Stephan van den Oetelaar’s emails were hacked.
The CEO’s inbox was accessed by an unauthorised party, with those involved proceeding to send emails that appeared to come from Oetelaar.
In January, it was confirmed that MGM Resorts International would pay $45m in a data-breach lawsuit settlement.
The US giant was compromised in two breaches, one in 2019 and another in 2023. The later hack saw its land-based systems taken offline for several days.
The post Paddy Power and Betfair customer data compromised in cyberattack first appeared on EGR Intel.
Flutter Entertainment confirms two of its UK- and Ireland-facing brands impacted, although operator stresses that no passwords, IDs or payment details were obtained
The post Paddy Power and Betfair customer data compromised in cyberattack first appeared on EGR Intel.