Paddy Power and Betfair Confirm Customer Data Breach
Hackers gained access to usernames, email addresses, partial home addresses (first line and city), as well as technical information such as device IDs and IP addresses of Paddy Power and Betfair customers.
What Happened
Parent company Flutter confirmed a data breach affecting customers of betting platforms Paddy Power and Betfair.
According to the official statement, passwords, ID documents, and payment information were not compromised.
However, the following data was exposed:
- Usernames
- Email addresses
- Contact details
- First line of home address
- City of residence
- Device IDs
- IP addresses
Actions Taken
In response to the breach, Flutter:
- Notified the UK Gambling Commission and the Information Commissioner’s Office
- Engaged external cybersecurity experts
- Conducted an internal investigation
- Identified and contained the unauthorized access
The company stated that the breach was isolated and has since been resolved. All affected users have been notified.
Statement from Flutter
We can confirm that Paddy Power and Betfair experienced a data incident involving some customer information. Upon discovery, we promptly informed regulators and launched an investigation with external IT experts. Unauthorized access has been removed and contained.
User Risks
While there is no evidence of misuse, customers have been warned about potential phishing attempts. Flutter urges users to remain especially vigilant regarding suspicious emails or messages.
Other Incidents in 2024
| Company | Month | Impact |
|---|---|---|
| British Horseracing Authority | June | Internal system breach |
| Marks & Spencer | Early 2024 | Store operations disrupted for 6 weeks, £300M in losses |
| Co-op | April | Cyberattack on retail and funeral services |
What Customers Should Do
Flutter recommends:
- Avoid clicking suspicious links
- Never provide personal data via unsolicited emails
- Report any suspicious activity to customer support
Note: Passwords and payment data were not affected, but users should still follow general security best practices.
Conclusion
The Paddy Power and Betfair breach highlights ongoing vulnerabilities in digital platforms. Although the breach was limited and quickly addressed, users are encouraged to take the situation seriously and follow recommended safety guidelines.