Paddy Power and Betfair, have reported a significant data breach. The incident, disclosed by their parent company Flutter, while the breach did not involve sensitive data such as passwords or payment details says the company.

Flutter announced that a data incident had occurred, affecting a subset of customers from both Paddy Power and Betfair. The breach reportedly involved unauthorized access to personal information, including usernames, email addresses, and contact details. Although the company reassured customers that no financial data or identification documents were compromised, the breach still poses a risk of phishing attacks and identity theft.

Upon discovering the breach, Flutter said it took swift action. The company promptly informed relevant regulatory bodies, including the Gambling Commission and the Information Commissioner’s Office. They initiated a thorough investigation, enlisting external IT security experts to assess the situation and enhance their security measures. Flutter has stated that the unauthorized access has been contained, and they are actively notifying affected customers.

The breach has impacted a limited number of customers, but the exact number has not been disclosed. Those affected have been informed via email, detailing the nature of the breach and the specific information that may have been compromised.

While the breach did not expose sensitive financial information, the leaked data could still be exploited. Cybercriminals may use the compromised information to launch phishing attacks, tricking customers into revealing more sensitive data.

In light of this incident, Flutter has emphasized its commitment to safeguarding customer information. The company is reviewing its security protocols and implementing additional measures to prevent future breaches. This includes enhancing their network security and conducting regular audits to identify potential vulnerabilities.

Flutter has pledged to maintain open lines of communication with affected customers. They are providing updates on the investigation and any further steps being taken to enhance security.

The breach at Paddy Power and Betfair is part of a broader trend in the gambling industry, where cyberattacks have become increasingly common. Just a month prior, the British Horseracing Authority (BHA) experienced a cyberattack that disrupted its internal systems.

The recent breaches serve as a wake-up call for companies in the gambling sector and beyond. Organizations must prioritize cybersecurity and invest in advanced technologies to protect customer data. The 2025 London Gaming Congress (LGC) highlighted the risks and dangers of cyber attacks and how companies need to be more pro-active as opposed to reactive.