PokerStars owner Flutter confirms data breach


The British sports betting giant Flutter Entertainment has confirmed that the company was impacted by the MOVEit Transfer attacks. PokerStars had previously confirmed the attacks exposed over 110K of its customers.

“We can confirm that Flutter International has been impacted by the global cybersecurity incident involving the MOVEit Transfer application,” reads the company’s statement shared with Cybernews.

Flutter’s confirmation came immediately after the company was listed on the dark web blog of Cl0p, the ransomware gang behind the MOVEit hack. The cybercriminals claim that they’re in possession of 91 gigabytes of the company’s data.

ADVERTISEMENT

“Upon learning of the incident, we promptly disabled access to the affected application and have already notified affected employees and customers as appropriate,” Flutter said.

The company declined to comment on specific details about the breach.

Earlier in July, PokerStars, the Flutter-owned world’s largest online poker site, started notifying customers whose data may have been exposed in the recent MOVEit Transfer attacks.

According to information provided by PokerStars to the Maine Attorney General, the breach exposed 110,291 individuals. Exposed files contained personal user details, including names, addresses, and Social Security numbers.

Unrelenting Cl0p and MOVEit hacks

Most recently, Deloitte, a New York City-based global auditing and accounting firm, confirmed that it also fell victim to the MOVEit attacks, joining others from the Big Four financial service giants, PWC and EY.

So far, 520 organizations have been confirmed to be impacted by Cl0p’s MOVEit Transfer attacks, with over 36 million people having their data exposed.

Cl0p is a Russia-linked ransom group claiming responsibility for exploiting a SQL database injection flaw in the MOVEit Transfer file system, impacting thousands of companies worldwide.

Named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System.

ADVERTISEMENT

Other prominent brand victims include Shutterfly, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.

Exclusive information, vetted by Cybernews, indicates that at least some of Cl0p’s affiliates might be residing in Kramatorsk, a Ukrainian city in the country’s embattled east. US officials are offering a $10 million bounty on the Cl0p gang.