Laws & Regulations

German security researcher takes responsibility for MGA breach

A German security researcher has claimed responsibility for breaching systems at Malta’s gambling regulator — raising fresh concerns about data security and oversight.

Share

German security researcher takes responsibility for MGA breach img

Breach confirmed as timeline unfolds

The Malta Gaming Authority confirmed a system breach on 17 March. Officials said they quickly started internal response steps after finding the issue.

The authority shared few details — leaving the full scale unclear. Still, the message showed concern as teams checked possible data exposure. Three days later, the story changed direction. A researcher came forward and claimed she carried out the breach.

Researcher steps forward with bold claims

Lilith Wittmann said she works as an ethical hacker in the sector. She claimed she accessed sensitive data from the regulator’s systems. According to her posts, the data may include player records and compliance files. If true, this could affect many licensed casinos and their users.

Her claims went further — and added tension to the story. She suggested the regulator may have links to organised crime in Malta. The original post was later removed, but the claims did not fade.  Soon after, she repeated her message in another public statement.

MGA rejects claims and defends its role

The MGA responded quickly and pushed back against the claims. It said such actions do not follow legal rules or proper conduct.

Officials said the claims appear unproven and lack clear evidence. They also defended their role in overseeing licensed casinos. In its response, the authority pointed to key principles:

  • Clear and open processes

  • Strong accountability

  • Independent decision making

A history of exposing security gaps

This is not the first time Wittmann has exposed weak systems. In March 2025, she revealed a major issue at Merkur Gaming. That case exposed about 800,000 player accounts through an open system endpoint. Sensitive data — including banking details — could be reached through simple queries.

The event raised concern about how casinos protect user data. It also showed how one weak system can affect others.

Wider impact on trust and regulation

The latest breach may increase pressure on regulators across Europe. More questions may follow about how sensitive data is stored and used. Beyond this case, trust remains a key issue for the sector. Players expect their data to stay safe under licensed systems.

Hence, even a small breach can harm trust — especially when facts remain unclear. The MGA now faces careful work as it reviews what happened. For now, many details remain unknown — and answers may take time.

Share

No spam, just News. Straight to your Inbox.

Join to stay up to date on your states gambling news and offers.


Mykhailiuta Maryna img
Mykhailiuta Maryna

Game Analyst & Reviewer

Mykhailiuta Maryna Game Analyst & Reviewer

More news

Laws & RegulationsSouth Africa's SABA Calls for Tougher Offshore Gambling Laws

South Africa's betting industry wants tougher action against illegal offshore gambling. The South African Bookmakers Association says stronger laws are needed to stop illegal operators from reaching local players.

Jul 09, 2026

South Africa's SABA Calls for Tougher Offshore Gambling Laws img