German Hacker Claims Malta Regulator’s Involvement in Criminal Schemes

^{Pictured: Lilith Wittmann}

German hacker Lilith Wittmann said she was responsible for a recent breach of systems at Malta’s gambling regulator, the Malta Gaming Authority (MGA), Times of Malta reported. She said so in a social media post.

“Yes, I hacked you, and the data obtained has already been shared with media and authorities,” Wittmann wrote. She also said she intends to expose information about “schemes facilitating organised crime” allegedly linked to the regulator’s activities.

The MGA earlier reported unauthorised access to one of its systems. In a statement, the regulator said the incident was being treated with “the utmost seriousness.” It did not specify which systems were affected or whether sensitive data had been compromised.

Wittmann said she hoped German authorities would not extradite her to Malta, where hacking a government entity is punishable by up to 10 years in prison. She argued that the regulator’s data are in the public interest and that her actions could be deemed justified in the future.

The MGA said the allegations were unfounded.

The regulator condemned any unauthorised access to its systems, as well as the extraction and dissemination of data obtained in this way. It said the incident did not constitute “ethical hacking,”* as the identified vulnerabilities were not officially reported.

In March 2025, Wittmann also gained access to the personal data of more than one million online casino users by exploiting vulnerabilities in software used by Maltese company The Mill Adventure. The compromised data reportedly included user names, email addresses, bank card details, postal addresses and information on gaming sessions.

For context: Lilith Wittmann is a Berlin-based German cybersecurity specialist, born in 1995, and widely known as an “ethical hacker.” She gained prominence in 2021 after identifying a vulnerability in the CDU Connect application, which led to a high-profile scandal in Germany.

In subsequent years, Wittmann has uncovered security flaws in both government and commercial IT systems and has been involved in investigations related to data breaches in the gambling industry, including a case involving the Malta Gaming Authority.

Earlier, Gambling Park reported on a possible large-scale cyberattack targeting gambling operator Wynn Resorts.

* Ethical hacking refers to identifying vulnerabilities in software or hardware without the intent to exploit them for malicious or personal gain.