Ethical hacker of Germany Lilith Wittmann has taken responsibility for the breach of the Malta Gaming Authority’s (MGA) data following in a LinkedIn post, which was removed.
The hacker claimed, that by allowing Organised Crime Groups (OCGs) to operate, they were aiding and abetting criminality. The hacker stated that media outlets and law enforcement have already received copies of all data stolen during the breach; however additional data could potentially be released. This posting was not the first time Wittmann has attacked the gambling industry. In a separate attack against Merkur’s servers, multiple offshore gambling websites were reported to have been taken offline.
In a post Lilith Wittmann wrote:
Dear Malta Gaming Authority, Yes, I hacked you, and the data obtained has been shared with media partners, authorities…And yes, we will expose the organised crime enablement schemes you created while presenting yourselves as a ‘legitimate public service’. I hope the German authorities are, for once, smart and do not extradite me to Malta, where I would face up to 10 years imprisonment for hacking a public service. Any police action from Malta would also trigger the immediate release of my entire archive of iGaming-related data. I am certain that the information obtained is so valuable for the public discourse that obtaining it will one day, in the not-too-distant future, be seen as a justified necessity.
The MGA acknowledged it was aware of the claims made by Lilith Wittmann but strongly denied any wrongdoing. The MGA stated that any unauthorized access to the MGA’s computer systems is considered very serious and also condemned any unauthorized extraction of data from their systems or any dissemination of that data once extracted as very serious.
The MGA also stated that they operate under a comprehensive legal and regulatory framework, in accordance with their obligations regarding accountability, transparency, due process, and other appropriate behaviour. All of the claims made by Lilith Wittmann were also deemed to be without merit, and the MGA reaffirmed its position as a responsible regulator of the gaming industry.
As there have not been any public announcements concerning the extent of the breach or effects to the iGaming industry from the breach, the investigation is ongoing.
