Foi Request foi-disclosure

UKGC Blocks 147k Malicious Emails

By James Hartley · Fact-checked by Mark Sullivan, Corporate Investigations Editor

FOI data reveals the regulator faced over 1,600 malicious emails per day in a 90-day period, with phishing attempts numbering in the thousands.

A Freedom of Information request reveals the UK Gambling Commission blocked 147,424 malicious emails over a recent 90-day period. The data highlights the significant cyber threats facing the regulator, including over 5,500 phishing attempts.

UKGC Blocks 147k Malicious Emails
Illustration for UKGC Blocks 147k Malicious Emails

A Freedom of Information (FOI) disclosure has revealed the significant scale of cyber threats facing the UK Gambling Commission (UKGC). The regulator's systems successfully blocked 147,424 malicious emails over a 90-day period, underscoring its position as a prime target for cybercriminals.

The data was released following a request submitted on 26 January 2023. While the request asked for data covering the full 2022 calendar year, the Commission stated it only held information for the 90 days prior to 20 February 2023.

Why This Data Matters

The UKGC is the central repository for sensitive information concerning gambling operators, licence applications, and regulatory enforcement. A successful cyber attack could compromise confidential corporate data or disrupt the Commission's ability to regulate the UK's gambling market. For consumers, the integrity of the UKGC's systems is crucial for ensuring that the organisation tasked with protecting them is itself secure from external threats.

This data provides a rare glimpse into the defensive measures and threat landscape of the UK's gambling regulator.

A Breakdown of the Threats

Over the 90-day reporting period, the UKGC's 546 user and shared mailboxes were targeted by an average of over 1,630 malicious emails every day. The Commission provided a breakdown of the types of threats detected and blocked:

  • Spam (EdgeBlockSpam & Spam Detections): 141,818
  • Phishing: 5,558
  • Malware: 48

Phishing emails are a particularly serious threat. These are fraudulent attempts, often disguised as legitimate communications, designed to trick staff into revealing sensitive information such as passwords or financial details. The detection of over 5,500 such attempts in three months highlights a persistent effort by attackers to infiltrate the organisation through human error.

Staff Response and Security Effectiveness

The FOI request also sought to understand the human element of the Commission's cyber defence. When asked what percentage of malicious emails were opened by staff, the UKGC responded that it "does not hold this data."

However, in a positive sign for its security protocols and staff training, the Commission stated, "We have no reported incidents where staff have clicked on a malicious link in this time period."

This suggests that while the regulator faces a high volume of threats, its technical filters and employee awareness are proving effective at preventing a successful breach. The data demonstrates the constant pressure on the UKGC's digital infrastructure and the importance of its ongoing investment in cybersecurity to protect the integrity of the British gambling industry.

J

Written by

Regulatory Affairs Editor

LLB (Hons) in Law, University of Bristol. Postgraduate Diploma in Financial Regulation, University of Reading.

James has spent 12 years in gambling compliance and regulatory technology, previously working as Senior Compliance Analyst at a UK-based regulatory consultancy advising licensed operators on LCCP adherence.

UKGC cybersecurity data protection phishing Freedom of Information

More Insights