The Gaming Boardroom

Where the gambling industry comes to think

Player data leaks: Inside iGaming’s cyber crisis

Steve Tyler Exec Content

Player data leaks: Inside iGaming’s cyber crisis

Summary

The iGaming sector is seeing a sharp rise in player-data breaches as attackers exploit centralised KYC, payment and behavioural datasets, weak third-party links and credential-related failures. Incidents have jumped substantially — Continent 8 reports a 400% increase in cyber incidents affecting online and land-based casino operators since February 2025 — and the pattern points to systematic targeting rather than opportunistic attacks.

Large operators are investing in security, but a long tail of smaller firms treats cybersecurity as a compliance checkbox. That patchwork, combined with legacy systems, over-privileged APIs and talent shortages, widens the attack surface. New threats from AI-driven, agentic attacks raise the stakes further, while regulators (GDPR, NIS2 and national data authorities) step up scrutiny.

Key Points

  • Player accounts contain dense, high-value data (KYC documents, payment credentials, geolocation and behavioural histories), making iGaming an attractive target.
  • Industry incidents have surged: Continent 8 cites a 400% increase in cyber incidents since early 2025.
  • Security maturity is uneven — big operators invest properly but many smaller firms treat security as a licence checkbox.
  • Third-party integrations (payment processors, KYC vendors, studios, affiliates) are frequent and persistent exposure points.
  • Credentials remain the weakest link: phishing, password reuse and credential stuffing enable many breaches.
  • Detection and response are critical — prolonged undetected access magnifies harm; continuous monitoring and MFA adoption remain inconsistent.
  • AI changes the threat model: autonomous, agentic attacks and mass credential testing demand behavioural analytics and better data governance.
  • Transparency and timely breach communication are vital to preserve player trust and meet regulatory obligations.

Context and relevance

This analysis matters because iGaming combines rapid commercial growth with unusually rich datasets and a fragmented supplier ecosystem — a recipe for high-impact breaches. Regulators across Europe are tightening rules (GDPR enforcement, NIS2), and technological shifts (agentic AI) make attacks faster and cheaper. Operators, suppliers and regulators must close the gap between compliance and genuine resilience or face larger fines, reputational damage and systemic risk.

Why should I read this?

Short version: player data is juicy, breaches are climbing, and if you work in iGaming (or sell to it) this is not something to shrug off. Read it to get the lay of the land — what’s going wrong, where the weak links are, and what to watch next so you don’t get caught out.

Source

Source: https://igamingbusiness.com/tech-innovation/player-data-leaks-inside-igamings-cyber-crisis/