KP Law Logo col horizontal

Paddy Power and Betfair Data Breach

KP Law can help victims to claim compensation

SIGN UP TODAY

Are you a Paddy Power or Betfair customer?

In July 2025, Paddy Power and Betfair experienced a cybersecurity incident – compromising the data of thousands of customers.

Register with KP Law today to find out more, including whether you could claim compensation.

START YOUR CLAIM TODAY

Have you been affected by the Paddy Power and Betfair data breach?

In July 2025, Flutter Entertainment (the sports betting and gambling company that owns Paddy Power and Betfair) confirmed it had experienced a ‘data incident’ on the Betfair and Paddy Power platforms and the personal information of significant number of customers had been accessed by an ‘unauthorised third party’. 

KP Law is building a claim against Flutter Entertainment, we understand the severity of situation and the impact on the affected customers, and we believe you deserve justice. If you had an account with either site on or before July 2025, you may qualify to join our claim.

START YOUR FLUTTER DATA BREACH CLAIM

What do we know about the breach?

In July 2025, Flutter Entertainment plc, the owner of Paddy Power and Betfair, confirmed that both sites were affected by a cybersecurity incident involving unauthorised access to customer data.

While Flutter stated that not all users were impacted, they did confirm that a significant number of customer records were compromised. The exposed data may include:

  • Usernames
  • Email addresses
  • Contact details, including first lines of address
  • Device IDs
  • IP addresses
  • Recent activity on the platform

They stated that some users were affected, but no full list has been released. Paddy Power and Betfair contacted a number of the customers believed to have been affected to alert them of the incident and provide information regarding online safety.

You may be eligible for the claim if you:

  • Had an account with Paddy Power or Betfair in or before July 2025
  • Received a notification from the company about the data breach
  • Believe your data may have been compromised

What happens next?

Our team at KP Law has a strong track record of holding large corporations accountable for data misuse and privacy breaches. We operate on a no-win, no-fee basis, so there’s no cost to you unless your claim is successful.

KP Law is one of the leading law firms in England & Wales, specialising in what is often referred to as group action litigation. We see our role as being your champion, someone on your side to help bring businesses to account when they let you down

Click the link below to our sign up form which will take around 15 minutes to complete. We’ll keep your information secure, and we’ll keep you updated as the case progresses.

SIGN UP TO OUR CLAIM AGAINST FLUTTER ENTERTAINMENT

Join the Group Action Today

Register your details in less than 2 minutes

Pay nothing unless your claim is successful

Join thousands of others seeking justice

Take action now – don’t let Flutter Entertainment's failure go unanswered.

SIGN UP TODAY TO THE FLUTTER DATA BREACH CLAIM

How could you be at risk?

Cybersecurity experts have warned that the information exposed in this breach could be used in highly targeted scams, known as spear phishing attacks.

These scams often involve emails that appear genuine and refer to your betting history or personal details, encouraging you to click links or share sensitive information like credit card or bank details.

With the rise of AI-generated content, there’s growing concern that cyber-criminals could launch large-scale attacks using this kind of data. That’s why it’s so important to understand whether your information may have been affected.

What Should You Do Now?

If you believe your data may have been accessed, you should follow the below steps to protect yourself from further harm:

Reset Your Password

Change your login details for Paddy Power and Betfair, and ensure your other accounts use strong, unique passwords.

Watch For Scams

Stay alert for suspicious calls, texts or emails.

Monitor Your Credit

Be aware of any unexpected activity on your accounts

Learn how to stay safe following a data breach:

GET OUR GUIDE TO STAYING SAFE AFTER A DATA BREACH

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loss

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.

Distress

GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.
 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.