KP Law Logo col horizontal

Paddy Power and Betfair Data Breach

Important Information for Customers

SIGN UP TODAY

Are you a Paddy Power or Betfair customer?

In July 2025, Paddy Power and Betfair experienced a cybersecurity incident – compromising the data of thousands of customers.

Register with KP Law today to find out more, including whether you could claim compensation.

SIGN UP TODAY

Have you been affected by the Paddy Power and Betfair data breach?

In July 2025, Flutter Entertainment (the sports betting and gambling company that owns Paddy Power and Betfair) confirmed it had experienced a ‘data incident’ on the Betfair and Paddy Power platforms and the personal information of significant number of customers had been accessed by an ‘unauthorised third party’. 

KP Law is investigating this cybersecurity incident to better understand this breach, including the severity of situation and the impact on the affected customers. If you had an account with either site on or before July 2025, you may be able to help us better understand what happened.

GET IN TOUCH WITH KP LAW

What do we know about the breach?

In July 2025, Flutter Entertainment plc, the owner of Paddy Power and Betfair, confirmed that both sites were affected by a cybersecurity incident involving unauthorised access to customer data.

While Flutter stated that not all users were impacted, they did confirm that a significant number of customer records were compromised. The exposed data may include:

  • Usernames
  • Email addresses
  • Contact details, including first lines of address
  • Device IDs
  • IP addresses
  • Recent activity on the platform

They stated that some users were affected, but no full list has been released. Paddy Power and Betfair contacted a number of the customers believed to have been affected to alert them of the incident and provide information regarding online safety.

Why we want to hear from you

We’re currently gathering information from individuals who had an account with Paddy Power or Betfair at the time of the breach. This helps us understand how people may have been affected and whether a legal claim could be viable.

At this stage, this is not an active claim – and providing your details carries no cost and no obligation.

You may be able to help if you:

  • Had an account with Paddy Power or Betfair in or before July 2025
  • Received a notification from the company about the data breach
  • Believe your data may have been compromised
  • Have questions or concerns about what happened

What happens next?

  1. Fill in the short form below – it takes less than 2 minutes.
  2. We’ll assess the information we receive from you and others.
  3. If there’s a potential for legal action, we’ll be in touch to explain next steps.

We’ll keep your information secure, and you won’t be signed up to any formal legal action unless you choose to be.

LET US KNOW IF YOU IF YOU ARE A VICTIM OF THE FLUTTER DATA BREACH

Join the Group Action Today

Register your details in less than 2 minutes

Pay nothing unless your claim is successful

Join thousands of others seeking justice

Take action now – don’t let Flutter Entertainment's failure go unanswered.

SIGN UP TODAY

How could you be at risk?

Cybersecurity experts have warned that the information exposed in this breach could be used in highly targeted scams, known as spear phishing attacks.

These scams often involve emails that appear genuine and refer to your betting history or personal details, encouraging you to click links or share sensitive information like credit card or bank details.

With the rise of AI-generated content, there’s growing concern that cyber-criminals could launch large-scale attacks using this kind of data. That’s why it’s so important to understand whether your information may have been affected.

What Should You Do Now?

If you believe your data may have been accessed, you should follow the below steps to protect yourself from further harm:

Reset Your Password

Change your login details for Paddy Power and Betfair, and ensure your other accounts use strong, unique passwords.

Watch For Scams

Stay alert for suspicious calls, texts or emails.

Monitor Your Credit

Be aware of any unexpected activity on your accounts

Learn how to stay safe following a data breach:

GET OUR GUIDE TO STAYING SAFE AFTER A DATA BREACH

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loss

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.

Distress

GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.
 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.

*We are currently investigating the July 2025 data breach involving Paddy Power and Betfair. This is not an active legal claim. All information shared through this form will be used to assess whether legal action may be possible in the future. Any future representation will be subject to a formal engagement process.*