German ethical hacker Lilith Wittmann has claimed responsibility for this week’s mysterious Malta Gaming Authority data breach.
In a blistering and cryptic LinkedIn post published Friday afternoon, which has since been removed by the platform, Wittmann alleged the regulator had somehow played a role in the “enablement of organised crime schemes”.
This marks the second time Wittmann has targeted the gambling sector, after a hack into Merkur’s systems ultimately resulted in several offshore sites shutting down last year.
She wrote:
“Dear Malta Gaming Authority, Yes, I hacked you, and the data obtained has been shared with media partners, authorities… And yes, we will expose the organised crime enablement schemes you created while presenting yourselves as a ‘legitimate public service’.”
Extradition Warnings and Potential Data Release
Lilith Wittmann also warned the authorities that any attempt to extradite her to Malta would result in her releasing the data publicly.
“I hope the German authorities are, for once, smart and do not extradite me to Malta, where I would face up to 10 years imprisonment for hacking a public service. Any police action from Malta would also trigger the immediate release of my entire archive of iGaming-related data. I am certain that the information obtained is so valuable for the public discourse that obtaining it will one day, in the not-too-distant future, be seen as a justified necessity.”
Malta Gaming Authority Response to Unauthorized Access
The MGA responded defiantly on 20 March, stating that allegations made in the context of “unauthorised system access” are unsubstantiated.
“The Malta Gaming Authority (MGA) is aware of public statements made by an individual claiming responsibility for unauthorised access to one of the Authority’s systems and making a series of allegations and threats in that context. The MGA condemns any unauthorised access to its systems and any extraction, handling or dissemination of data obtained through such activity. Such conduct is unacceptable and incompatible with lawful engagement with public institutions and established governance frameworks. Allegations made in the context of unauthorised system access are unsubstantiated and do not undermine the MGA’s role as a regulator committed to transparency, due process and the rule of law.”
