In July 2025, Paddy Power and Betfair experienced a cybersecurity incident that compromised the data of thousands of customers.
Register with KP Law today to find out more, including whether you could claim compensation.
In July 2025, Flutter Entertainment (the sports betting and gambling company that owns Paddy Power and Betfair) confirmed it had experienced a ‘data incident’ on the Betfair and Paddy Power platforms and the personal information of significant number of customers had been accessed by an ‘unauthorised third party’.
KP Law is building a claim against Flutter Entertainment, we understand the severity of the situation and the impact on the affected customers, and we believe you deserve justice. If you had an account with either site on or before July 2025, you may qualify to join our claim.
In July 2025, Flutter Entertainment plc, the owner of Paddy Power and Betfair, confirmed that both sites were affected by a cybersecurity incident involving unauthorised access to customer data.
While Flutter stated that not all users were impacted, they did confirm that a significant number of customer records were compromised. The exposed data may include:
They stated that some users were affected, but no full list has been released. Paddy Power and Betfair contacted a number of the customers believed to have been affected to alert them of the incident and provide information regarding online safety.
As far as we know information such as account and technical data and payment details have not been affected, but personal information about both Betfair and Paddy Power customers could have been compromised in the breach – and this is a very real concern for many customers. Thankfully the unauthorised access only relates to limited betting account information.
Flutter Entertainment have stated that they will now do a thorough review of the security of their network and customer data to prevent anything like this from happening again. They have recognised that up to 800,000 users in Ireland and the UK were impacted by the breach – but that no ID documents, passwords, or usable card details were stolen.
The company confirmed that they had notified the Data Protection Commission in Ireland and the Information Commissioner’s Office in the UK, as they’re obliged to do. Flutter Entertainment then conducted a full investigation to contain the breach and determine the scope of the information that had been stolen.
Under the UK GDPR and Data Protection Act 2018, you are entitled to compensation if you suffer either material or non-material damage due to a data breach.
Our team at KP Law has a strong track record of holding large corporations accountable for data misuse and privacy breaches. We operate on a no-win, no-fee basis, so there’s no cost to you unless your claim is successful.
KP Law is one of the leading law firms in England & Wales, specialising in what is often referred to as group action litigation. We see our role as being your champion, someone on your side to help bring businesses to account when they let you down
Click the link below to our sign up form which will take around 15 minutes to complete. We’ll keep your information secure, and we’ll keep you updated as the case progresses.
Cybersecurity experts have warned that the information exposed in this breach could be used in highly targeted scams, known as spear phishing attacks. Exposed personal information from both incidents increases the risk of identity theft and phishing emails and scams. Any unsolicited emails from Paddy Power or Betfair following the incident should be treated with caution.
These scams often involve emails that appear genuine and refer to your betting history or personal details, encouraging you to click links or share sensitive information like credit card or bank details.
With the rise of AI-generated content, there’s growing concern that cyber-criminals could launch large-scale attacks using this kind of data. That’s why it’s so important to understand whether your information may have been affected.
If you believe your data has been accessed, you should reset your passwords for Paddy Power and Betfair (and any other account sharing the same passwords) and you should stay alert to suspicious links, calls, texts, and emails as these may be phishing attempts.
If you believe your data may have been accessed, you should follow the below steps to protect yourself from further harm:
Change your login details for Paddy Power and Betfair, and ensure your other accounts use strong, unique passwords. Customers were also advised to change passwords and enable two-factor authentication (2FA) at the same time as a precautionary measure.
Stay alert for suspicious calls, texts or emails. Whilst the breach included limited betting account information and recent activity on accounts, there's still a risk that even limited personal information could be used in phishing scams.
Be aware of any unexpected activity on your accounts - consider getting a copy if your credit file to check for identity misuse after the breach.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
