The Malta Gaming Authority identified a breach in one of its systems on March 17, 2026, activating its internal response protocols. On March 20, Berlin-based IT security researcher Lilith Wittmann claimed responsibility publicly, stating she had accessed the authority systems and shared data with media partners and law enforcement. She warned she would expose what she described as organised crime enablement schemes linked to Malta iGaming sector.
Wittmann is a member of the Chaos Computer Club, Europe largest hacker collective, and has a track record of exposing vulnerabilities in public institutions. In March 2025 she accessed data from more than one million online casino player accounts after exploiting weaknesses in software provided by Malta-based company The Mill Adventure.
What the MGA Said
The authority pushed back on the substance of Wittmann allegations. In a statement, the MGA said it condemns any unauthorised access to its systems and any extraction, handling or dissemination of data obtained through such activity. The regulator stated that core regulatory databases remain secure and that there is currently no evidence of personal or licensee data exfiltration. The MGA did not directly address the specific organised crime claims.
What Wittmann Claims and What She Has Said She Will Do
Wittmann stated she has shared all data obtained from the breach with media partners and law enforcement. She warned that any police action from Malta, including extradition proceedings, would trigger the immediate release of her entire archive of iGaming-related data. Her claims about organised crime within Malta iGaming sector are serious but, as of this writing, unverified. The MGA licences hundreds of operators serving players across Europe, Australia, and New Zealand.
Why This Matters for Licensing and Player Trust
Malta Gaming Authority has long been positioned as a credible licensing body. MGA-licensed casinos are considered more trustworthy than Curaçao-licensed alternatives because Malta requires operators to meet higher standards around player protection, KYC, and segregated funds. If the allegations of organised crime links are substantiated, it would represent a significant challenge to that credibility. No MGA-licensed operator has been named in connection with Wittmann claims.
What This Means for Australian and New Zealand Players
Most offshore casinos accepted by Australian and New Zealand players carry either an MGA or Curaçao licence. A breach of the MGA own systems does not mean your account data at any specific casino has been compromised. The regulator confirmed its core regulatory databases appear secure. For players concerned about data security at any licensed casino, the standard advice applies: use unique passwords, enable two-factor authentication where available, and report any suspicious account activity directly to the casino support team. Players with gambling concerns can contact Gambling Help Online at gamblinghelponline.org.au or call 1800 858 858. GambleAware New Zealand is available at gamblinghelp.nz.
For a reviewed list of best online casinos that hold verified MGA licences, CasinosHub covers licensed operators for Australian and New Zealand players.
Reviews (0)
No comments yet. Be the first to comment!