Cyber Incident Victim: Flutter Entertainment

In July 2025, Flutter Entertainment publicly disclosed a significant data breach impacting customers of its Betfair and Paddy Power brands. The incident, announced on September 1, 2025, affected a substantial number of individuals, with estimates reaching up to 800,000 customers across these platforms. The breach compromised certain customer data held by Flutter Entertainment. While the specific date of the initial intrusion or data exfiltration was not detailed in the public announcement, the disclosure indicated the breach occurred prior to September 2025. Flutter Entertainment initiated its response by notifying affected customers about the security incident. The company also launched an investigation to determine the full scope and root cause of the breach. This investigation involved internal security teams and likely external cybersecurity experts.

The compromised data included personal information belonging to Betfair and Paddy Power users, though the precise types of data accessed were not enumerated in the initial report. Flutter Entertainment acknowledged the potential risks to affected customers stemming from the exposure of their personal details. Potential consequences highlighted included an increased risk of identity theft and fraud for the impacted individuals. As part of its response actions, Flutter Entertainment undertook measures to contain the breach and prevent further unauthorized access, although specific technical containment steps were not publicly described. The company focused on communicating with customers and regulatory authorities regarding the incident and its impact. The breach represented a significant security event for the gambling operator, impacting a large segment of its customer base in Ireland and potentially other regions.