Flutter Entertainment has confirmed that a significant data breach has affected customers of its Paddy Power and Betfair brands. The breach came to light on July 8. Flutter revealed that the breach exposed personal information, including usernames, email addresses, and parts of customers’ home addresses. While not all users were impacted, a substantial portion of their customer base was affected.

In addition to personal details, the breach also compromised technical data, including device identifiers, IP addresses, and some activity logs. Flutter assured its customers that no sensitive information, such as passwords, identification documents, or payment card data, was part of the breach. However, the company still cautioned users to remain vigilant. The exposed information could potentially be used for phishing scams or impersonation attempts.
Flutter took immediate steps to contain the situation upon discovering the breach. The company quickly notified affected customers through email and engaged external IT security experts to make a thorough investigation. As reported by Next.io, a Flutter spokesperson said they immediately informed relevant regulators and authorities upon discovering the incident. They also launched a full investigation right away. They emphasized that they had blocked the unauthorized access and contained the breach.
Flutter informed the Gambling Commission and the Information Commissioner’s Office (ICO) about the breach to comply with regulatory requirements. Although not legally required to disclose the breach due to the limited nature of the data exposed, the company chose to do so in the interest of transparency and customer protection.
The company remains cautious while Flutter has not found any evidence of misuse of the compromised data. The spokesperson added that they are not aware of any misuse of personal information at this time. However, they urged customers to remain vigilant. The quick response of the company, as well as continued communication with customers reflect its commitment to safeguarding customer data. The company advises users to stay alert for any suspicious activity on their accounts. This includes phishing attempts that could arise from the exposed information.