Flutter Entertainment Launches Investigation into Data Breach Impacting Paddy Power and Betfair UK Customers

LONDON – July 9, 2025 — Flutter Entertainment plc (NYSE: FLUT), the global leader in sports betting and iGaming, has confirmed it is conducting a formal internal investigation following a cybersecurity incident that compromised personal data belonging to a significant number of UK-based customers across its Paddy Power and Betfair platforms.

The breach, which was recently detected by internal systems, resulted in unauthorized access to user information including usernames, email addresses, and the first lines of home addresses. Flutter has not disclosed the exact number of customers affected but acknowledged that the incident involves a “substantial portion” of its UK customer base.

A spokesperson for Flutter UK & Ireland stated:

“Immediately upon identifying the breach, we notified the relevant data protection and gambling regulatory authorities. A full-scale investigation was launched in collaboration with leading external cybersecurity experts. Ensuring the security and privacy of our customers remains our highest priority.”

The company emphasized that there is no evidence, at this stage, to suggest that financial data or account credentials such as passwords were compromised. Nevertheless, the company is urging customers to remain vigilant and to monitor their accounts for any suspicious activity.

According to Flutter’s 2024 Annual Report, the group operates 4.2 million average monthly active players across the UK and Ireland through its various brands, including Paddy Power, Betfair, Sky Betting & Gaming, and Tombola.

Both the UK Information Commissioner’s Office (ICO) and the UK Gambling Commission have acknowledged that they are aware of the incident and are in communication with Flutter regarding the ongoing investigation.

Cybersecurity professionals have expressed concern over the increasing frequency of data breaches within the gaming and betting sectors, which handle vast volumes of personal and behavioral data.

“The betting and gaming industry is a high-value target for cybercriminals,” said Dr. Karen Atwood, a cybersecurity consultant at the Centre for Digital Trust. “While payment data may be encrypted, the exposure of contact and residential information still presents serious risks for phishing, fraud, and social engineering.”

Flutter has initiated a review of its security infrastructure and data protection protocols to strengthen its cyber resilience. The company has also pledged to implement additional safeguards across all its platforms to prevent future incidents.

As the investigation continues, Flutter stated it would provide further updates to regulators, customers, and stakeholders in accordance with transparency obligations and evolving findings.