All bets are off as Paddy Power customer data is stolen

Paddy Power might be known for its off the wall bets – from seagulls taking over the world and sidebets on the footie to the next global CEO of WPP and whether the moon is made of cheese – but there is no sign yet that the gambling giant is offering odds on the safety of its own customer data following a major hack on parent company Flutter Entertainment.

Flutter, which has 4.2 million average monthly players across all of its brands in the UK and Ireland – including Sky Bet, Tombola and Betfair – has warned customers to “remain vigilant” after fessing up to a hack which has affected up to 800,000 customers.

Some personal information including IP addresses, email addresses, and online activity data has been compromised but the company insists that no passwords, ID documents or usable card or payment details have been impacted.

Even so, Flutter has attempted to calm the nerves of those affected by providing them with online safety information and insisting “there is nothing you need to do in response to this incident”.

However, cybersecurity experts have warned the breached data could be used to target unsuspecting customers with convincing personal emails.

Storm Guidance chief marketing officer Harley Morlet said individuals who spend large amounts of money with the gambling brands could be targets.

He told the BBC’s Today programme: “With the advent of AI, I think it would actually be very easy to build out a large-scale automated attack. Basically, focusing on crafting messages that look appealing to those gamblers.”

The move comes as luxury goods brand Louis Vuitton has issued warning to customers to be on their guard against opportunist fraud attempts after their data was also compromised in a cyber-attack on the retailer.

In an email sent to customers, Louis Vuitton revealed that its IT systems were accessed on July 2 2025 by an unauthorised third party, who was able to obtain information including names, contact details and purchasing histories – all data of use to cyber criminals. Louis Vuitton said that bank and credit card details were not affected.

Cyber criminals have had a busy few months. Since the spring, Marks & Spencer, the Co-op, Harrods, Adidas, Victoria’s Secret, Cartier, North Face and Adidas have all been forced to fess up to data breaches.

Meanwhile, M&S chairman Archie Norman has called on MPs to make it a legal requirement for UK businesses to report major cyber-attacks, after claiming that two hacks involving “large British companies” had gone unreported in recent months.