2010 Security Breach Only Now Being Revealed By Paddy Power

Aug 01, 2014

Online bookie Paddy Power is making an embarrassed apology to 649,055 of their customers who it believes were affected by a data breach.

The firm has faced huge amounts of criticism over its failure to properly report the breach, which occured four years ago, however - in 2010.

Paddy Power waited until Thursday this week to tell 649,055 customers their names, email address, phone numbers and answers to security questions had been hacked in the breach.

Paddy Power said it had detected malicious activity at the time - but, after a detailed investigation, determined that no financial information or customer passwords had been put at risk.

"I am very disappointed that it has taken until now for Paddy Power to inform its customers," Ireland's junior minister with responsibility for data protection Dara Murphy said in a statement on Friday.

"It is best practise to inform the Data Protection Commissioner as soon as these breaches occur, and although these were not breaches of password or financial information, the code of practice should be followed at all times."

Peter O'Donovan, MD Online, Paddy Power, said "We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach."

Despite the breach taking the best part of five years to discover and disclose, O'Donavan remains confident in the company's existing security systems.

"Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats. This means we are very confident in our current security systems and we continue to invest in them to ensure we have best in class capabilities across vulnerability management, software security and infrastructure."

Our advice to Paddy Power users: don't bet on your security. Check back for any suspicious activity on services where you've used the same password, and change the password just in case.

Author: Paul Cooper 

View the original article here.
Published under license from ITProPortal.com
Business / data breach / ITProPortal / online payment / security

Comment

 

Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now

Partner

24Newswire
Sign up to receive latest news

Twitter Feed

Why does pubsec ICT PR firm @MantisPR want to be at the upcoming #eventcentreUK THINK Digital Vendors 2016 event? https://t.co/3tE5o7aMmO
@24nbiz
Apr 01, 2016
@thinkdigicon supporter @Adv365 sets out its stall for tomorrow's landmark #gcloud event https://t.co/FQraJP2yyg
@24nbiz
Mar 21, 2016
@thinkdigicon supporter @Adv365 explains why it's supporting tomorrow's show https://t.co/2Wj3UECo9s
@24nbiz
Mar 21, 2016
@24n.biz: what's the final agenda for tomorrow's @thinkdigicon #gcloud @GOVUKdigimkt show? https://t.co/6CASi8lrnU
@24nbiz
Mar 21, 2016