The betting firm contacted over half a million customers this week over a historical data breach traced back to an individual in Canada
Irish bookmaker Paddy Power confirmed this week that it suffered a data breach in 2010, the full extent of which came to light in May 2014.
The personal information of 649,055 customers was compromised during that 2010 cyber attack, and the bookmaker has admitted that it detected malicious activity at the time in an attempted breach of its data security system.
Security review prompted
“A detailed investigation was undertaken at the time and determined that no financial information or customer passwords had been put at risk,” outlined the press release. “It was, however, suspected that some non-financial customer information may have been exposed and a full review of security systems was undertaken.”
However, the betting giant took legal action in Canada only in recent months, after it was advised that a historical customer dataset was in the possession of an identified individual in Canada.
No financial information compromised
The Irish bookmaker was keen to state that no financial information or customer passwords were compromised in what it described as an isolated incident and that customer accounts were not at risk as a result.
It’s understood the historical dataset contained each customer’s name, username, address, email address, phone contact number, date of birth and prompted question and answer. Customers’ financial information, such as credit or debit card details, was deemed not to have been compromised and not to be at risk. Account passwords were also said not to have been compromised.
No impact on post-2010 customers
“Paddy Power’s account monitoring has not detected any suspicious activity to indicate that customers’ accounts have been adversely impacted in any way,” continued the press release. “The accessed information alone would not have been sufficient to grant access to a Paddy Power customer account and this incident has no impact on customers who opened accounts after 2010.”
Paddy Power says it has contacted the affected customers and advised them to review other sites where they use the same prompted question and answer as a security measure and to update them where appropriate.
Confidence in security systems
“We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result,” said Peter O’Donovan, online MD of Paddy Power. “We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data.”
“That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach,” he continued. “We are communicating with all of the people whose details have been compromised to tell them what has happened.”
O’Donovan concluded that the company was very confident in its current security system: “Robust security systems and processes are critical to our business and we continuously invest in our information security systems to meet evolving threats.”