Paddy Power Cyberattack Update: What Was Stolen and How Could the Breach Affect You?

While no passwords or payment details were reportedly compromised, users were warned that other personal details may have been accessed. The breach has now been contained, but the incident has raised new concerns over data security in the UK's betting market, which is one of the largest in the world.

What Kind of Data Was Accessed?

Flutter has confirmed that while the most sensitive data, such as bank card information, ID documents, and passwords, remained secure, other user information was exposed. This includes: usernames, email addresses, contact information, the first line of home addresses, town or city of residence, IP addresses, device identifiers, and recent activity on the betting platforms.

In an email sent directly to customers, Betfair stated: 'The nature of this incident means that, regrettably, some of your personal information has been impacted. Importantly, this does not include passwords, ID documents or any usable card or payment details.'

Who is Affected?

According to reports, up to 800,000 customers across the UK and Ireland are understood to be affected by the breach. While the company has not confirmed the exact number, the incident is believed to have impacted nearly one in five monthly users of the sites. All affected customers have been contacted by email.

The company has urged users to stay alert to any suspicious emails or messages, particularly those asking for sensitive information.

'If certain types of personal information were accessed, there is a risk that criminals may use this information to conduct phishing against you or attempt to impersonate you,' Flutter warned.

How Has Flutter Responded?

According to reports, Flutter said it acted quickly after discovering the breach, initiating a full-scale investigation and bringing in external IT security experts. It has also reported the incident to the Information Commissioner's Office (ICO) and Ireland's Data Protection Commission (DPC).

A company spokesperson told the Racing Post: 'Immediately upon becoming aware of this incident, we informed relevant regulators and authorities and initiated a full investigation... The unauthorised access has been removed and the incident contained.'

The company stressed that the breach was limited to 'betting account information' and that it is continuing to review and enhance its systems to prevent future intrusions.

Could This Affect You?

Even though banking details weren't compromised, the type of information that was taken could still be used for phishing scams, spam, or identity fraud. According to cyberattack experts, users should monitor their inboxes, particularly for emails that appear to originate from Paddy Power, Betfair, or other gambling brands.

Experts recommend avoiding clicking on links from unknown sources and updating passwords regularly, even if they weren't part of the breach.

Another Hit For the Industry

The Flutter breach is the latest in a series of cyberattacks affecting high-profile UK institutions this year.

Just weeks earlier, the British Horseracing Authority was hit by a ransomware attack that forced its staff to work from home. In another report, retailer Marks & Spencer also suffered a serious breach that reportedly cost it £300 million in lost profits.

The gambling sector, in particular, has faced criticism for how it handles customer data. Earlier this year, dozens of betting sites were found to have been sharing customer activity with Facebook without permission, raising further questions around transparency and compliance.

With regulators now reviewing the incident, Flutter is expected to face closer scrutiny over how it stores and protects user data. The company is also undergoing a major internal restructuring, with more than 200 job cuts reportedly expected in the UK and Ireland as part of a push to unify its platforms.