In a press release dated July 31st, Paddy Power Poker revealed information about a data breach that occurred back in 2010. Following the release, the room started contacting certain customers who owned an account back in 2010 and informed them that sensitive information such as passwords and financial data was not stolen in this isolated incident.
Paddy Power became aware of the full extent of the breach recently when the company took legal action in Canada and cooperated with the police in retrieving the stolen dataset. According to the release, contained within the breached information were names and user names of certain customers, their birthdates, e-mail and physical addresses, and phone numbers. No financial data or customers’ passwords were compromised, Paddy Power said.
Following the discovery, Paddy Power contacted 649,055 affected users on this issue. Customers were advised to check other sites where they could potentially use the same secret questions and answers, as this info was also contained in the stolen data package.
We sincerely regret that this breach occurred and we apologise to people who have been inconvenienced as a result. We take our responsibilities regarding customer data extremely seriously and have conducted an extensive investigation into the breach and the recovered data. That investigation shows that there is no evidence that any customer accounts have been adversely impacted by this breach. We are communicating with all of the people whose details have been compromised to tell them what has happened.“ Peter O’Donovan, MD Online, Paddy Power
O’Donovan emphasized that Paddy Power actively invest in improvement of their security systems and that they always work hard to counter the latest security threats.
This particular breach was discovered in May of 2014 and the stolen dataset was connected to an individual in Canada. Following the investigation, a Canadian court issued an order to seize the individual’s IT equipment. After the seizure, the dataset was retreived and then deleted from the IT systems. Forensic examination of the information obtained discovered the exact number of customers affected who were contacted and notified by Paddy Power.