Malta's Online Casino Regulator Was Hacked. Here's What Players Need to Know

The Malta Gaming Authority, one of the most widely recognised online casino regulators in the world, confirmed on March 17, 2026 that it had identified a breach in one of its systems. On March 20, a German security researcher named Lilith Wittmann publicly claimed responsibility, saying she had shared the data she obtained with the media and law enforcement. She went further, alleging the MGA enables organised crime schemes within the Malta iGaming sector.

The MGA responded by saying core regulatory databases remain secure and that Wittmann's claims are unsubstantiated. The regulator condemned the unauthorised access.

What the Malta Gaming Authority Actually Does

The MGA is the body that licenses and regulates online casino operators in Malta. It is one of the two licences you will most often see at offshore casinos, alongside the Curaçao licence. The MGA has a higher reputation because it enforces stricter standards: operators must pass background checks, demonstrate financial stability, maintain segregated player funds, and comply with responsible gambling requirements. That is separate from anything relating to the authority's own internal security.

What the Hacker Said and What Has Been Released

Wittmann posted a public statement saying she had infiltrated the MGA's systems and warned of further disclosures. She has shared data with media and law enforcement but has not, as of March 24, made it public. She warned that any attempt by Malta to have her extradited or prosecuted would trigger the immediate public release of her full archive. In March 2025, she accessed player data from over one million accounts at MGA-licensed casinos after finding weaknesses in software from Malta-based company The Mill Adventure, which exposed names, email addresses, payment card details, and home addresses.

Has Your Casino Account Been Compromised?

The breach was of the MGA's own internal systems, not of any individual casino player database. The MGA has stated its core regulatory databases appear secure and that there is no current evidence of personal or licensee data being taken. For now, the practical steps we recommend are the same ones that always apply: change your password at any MGA-licensed casino where you use the same password elsewhere, enable two-factor authentication if the casino supports it, and keep an eye on your registered email address for any unusual activity.

What This Means for Australian and New Zealand Players

Most offshore casinos popular with Australian and Kiwi players hold either an MGA or Curaçao licence. The breach of the MGA systems is concerning news for the regulator's reputation, but it does not mean operators are directly compromised. What matters more in the long run is whether Wittmann's organised crime allegations are substantiated. If they are, the trust framework around MGA licensing would need to be reexamined. For now, MGA-licensed casinos continue to operate under the same regulatory requirements as before. For Australian and New Zealand players looking for vetted offshore operators, our real money casinos guide covers licensed and reviewed sites for AU and NZ players.

If you have concerns about your gambling, Gambling Help Online is available at gamblinghelponline.org.au or on 1800 858 858. GambleAware New Zealand can be reached at gamblinghelp.nz.
