German security researcher takes responsibility for MGA breach
A German security researcher has claimed responsibility for breaching systems at Malta’s gambling regulator — raising fresh concerns about data security and oversight.

Breach confirmed as timeline unfolds
The Malta Gaming Authority confirmed a system breach on 17 March. Officials said they quickly started internal response steps after finding the issue.
The authority shared few details — leaving the full scale unclear. Still, the message showed concern as teams checked possible data exposure. Three days later, the story changed direction. A researcher came forward and claimed she carried out the breach.
Researcher steps forward with bold claims
Lilith Wittmann said she works as an ethical hacker in the sector. She claimed she accessed sensitive data from the regulator’s systems. According to her posts, the data may include player records and compliance files. If true, this could affect many licensed casinos and their users.
Her claims went further — and added tension to the story. She suggested the regulator may have links to organised crime in Malta. The original post was later removed, but the claims did not fade. Soon after, she repeated her message in another public statement.
MGA rejects claims and defends its role
The MGA responded quickly and pushed back against the claims. It said such actions do not follow legal rules or proper conduct.
Officials said the claims appear unproven and lack clear evidence. They also defended their role in overseeing licensed casinos. In its response, the authority pointed to key principles:
Clear and open processes
Strong accountability
Independent decision making
A history of exposing security gaps
This is not the first time Wittmann has exposed weak systems. In March 2025, she revealed a major issue at Merkur Gaming. That case exposed about 800,000 player accounts through an open system endpoint. Sensitive data — including banking details — could be reached through simple queries.
The event raised concern about how casinos protect user data. It also showed how one weak system can affect others.
Wider impact on trust and regulation
The latest breach may increase pressure on regulators across Europe. More questions may follow about how sensitive data is stored and used. Beyond this case, trust remains a key issue for the sector. Players expect their data to stay safe under licensed systems.
Hence, even a small breach can harm trust — especially when facts remain unclear. The MGA now faces careful work as it reviews what happened. For now, many details remain unknown — and answers may take time.
More news
South Africa's betting industry wants tougher action against illegal offshore gambling. The South African Bookmakers Association says stronger laws are needed to stop illegal operators from reaching local players.
Jul 09, 2026

