A German hacker, who goes by the name Lilith Wittmann, has publicly claimed responsibility for gaining unauthorized access to a system operated by the Malta Gaming Authority (MGA). She stated that she shared the data she extracted with media outlets and authorities.
The claim was made via a LinkedIn post attributed to Wittmann, an individual who describes herself as an “ethical hacker.” In the post, which was published on 20 March and later removed, she alleged that she had compromised the MGA’s systems and accused the regulator of enabling organized crime activities. The MGA, however, dismissed these allegations, describing the claims as unsubstantiated.
According to reports, Wittmann directly linked herself to the breach in a message addressed to the MGA. She claimed to have hacked into the authority and shared the obtained information with journalists and authorities, while also raising concerns about misconduct linked to Malta’s gambling oversight framework.
Wittmann is known within Germany’s hacking community and has a history of targeting the gambling industry, including a notable breach into Merkur’s systems last year, which led to the shutdown of several offshore sites. Alongside her claim of responsibility, she warned that any attempt to extradite her to Malta would lead to a wider publication of the data. She also mentioned the possibility of facing up to 10 years in prison if German authorities approved her extradition for hacking a public service. The post framed the data as relevant to public discourse and hinted at future disclosures concerning what she described as organized crime networks supported by countries like Malta. However, no concrete evidence supporting these allegations has been publicly provided, and the exact nature of what was accessed remains unclear.
On 20 March, the MGA issued a formal statement in response to the public claims. The authority confirmed awareness of the statements made by Wittmann and condemned any form of unauthorized access and data dissemination. The MGA stated: “The Malta Gaming Authority (MGA) is aware of public statements made by an individual claiming responsibility for unauthorised access to one of the Authority’s systems and making a series of allegations and threats in that context.
Read also: Criticism Mounts Against Croatia’s Gambling Laws
The MGA condemns any unauthorised access to its systems and any extraction, handling or dissemination of data obtained through such activity. Such conduct is unacceptable and incompatible with lawful engagement with public institutions and established governance frameworks. The Authority operates within a robust legal and regulatory framework and carries out its statutory functions with integrity, independence and accountability. Allegations made in the context of unauthorised system access are unsubstantiated and do not undermine the MGA’s role as a regulator committed to transparency, due process and the rule of law.
For more than two decades, the MGA has operated within established legal and governance frameworks, and will continue to do so. Ensuring that the Authority’s work, and the industry it regulates, operate with integrity and accountability is paramount.” The MGA oversees and licenses a substantial portion of online gambling companies that operate under Malta’s regulatory framework. Incidents of this nature tend to attract attention due to the reliance of licensees on the MGA for approvals, compliance oversight, and ongoing supervision. German Hacker MGA
