A German cybersecurity researcher says she infiltrated the Malta Gaming Authority’s systems and is now threatening to release data she claims exposes deep‑rooted links between Malta’s gambling sector and organized crime. The MGA, one of the world’s most influential online gambling regulators, denies all wrongdoing.
Hacker Issues Public Warning
Lilith Wittmann, a well‑known “white‑hat” hacker with a history of uncovering vulnerabilities in government and gambling‑regulation systems, announced on X that she had compromised the MGA’s infrastructure.
“Dear Malta Gaming Authority, yes, I hacked you,” she wrote. “The data obtained has been shared with media partners and authorities. And yes, we will expose the organised crime enablement schemes you created while presenting yourselves as a ‘legitimate public service.’”
Wittmann’s past disclosures have triggered investigations in Germany, including flaws in Berlin’s election IT and weaknesses in gambling oversight. Her reputation as a transparency advocate has made her a prominent figure in European cybersecurity circles.
Regulator Pushes Back
The MGA confirmed a breach last week but rejected Wittmann’s accusations.
“The MGA condemns any unauthorized access to its systems and any extraction, handling or dissemination of data obtained through such activity,” the regulator said.
It added that allegations made in the context of a cyber intrusion are “unsubstantiated” and do not undermine its commitment to transparency, due process, or the rule of law.
Long‑Standing Scrutiny of Malta’s Gambling Sector
Malta is Europe’s leading online gambling jurisdiction, home to hundreds of operators and many of the industry’s largest brands. But its prominence has repeatedly drawn the attention of Italian anti‑mafia prosecutors, who have identified the island as a key node in cross‑border betting networks linked to organized crime.
In 2018, the MGA launched a sweeping review of its Italian‑facing licensees after multiple investigations uncovered illegal gambling operations tied to Maltese‑registered companies.
Yet the regulator’s credibility took a major hit the following year when its then‑CEO, Heathcliff Farrugia, was found to have exchanged confidential compliance information with casino owner Yorgen Fenech. The messages surfaced only after Fenech was arrested in connection with the 2017 car‑bomb murder of investigative journalist Daphne Caruana Galizia—a case that intensified claims Malta had become a “mafia state.”
Farrugia resigned quietly in late 2019 amid the political fallout and was later given a three‑year conditional discharge after being convicted of leaking sensitive regulatory information.
What Comes Next
Wittmann has not yet released the data she claims to have obtained, but her allegations have reignited debate over Malta’s regulatory integrity and the broader vulnerabilities of the global iGaming ecosystem.
The MGA maintains that it is the victim of a criminal cyberattack and insists its regulatory framework remains sound. Whether Wittmann’s promised disclosures materialize—and what they contain—could have major implications for one of the world’s most important online gambling hubs.
