What's the odds? Paddy Power loses 650,000 records in 2010 breach

News by Doug Drinkwater

Popular bookmaker Paddy Power has admitted that a data breach it suffered it 2010 affected 649,055 people - around a third of all customers - but stresses that no financial information or passwords were compromised.

The incident was discovered as part of an investigation in Canada, after a third-party disclosed that an individual in Toronto had customer data from the company, which is based in Dublin. It subsequently obtained two court orders in the country to seize the IT assets from the man in order to wipe the data and examine his bank accounts.

Just shy of 650,000 customers were affected in total with 120,000 of these residing in Ireland. Only customers who signed up to the service in 2010 or prior have been affected.

 “The historical dataset contained individual customer's name, username, address, email address, phone contact number, date of birth and prompted question and answer,” Paddy Power said in a statement.

“Customers' financial information such as credit or debit card details has not been compromised and is not at risk. Account passwords have also not been compromised.”

There is some surprise that Paddy Power only disclosed this event earlier today – some four years after the breach – especially as it reported that the company was aware of the incident at the time and had completed a security audit and updated its technology infrastructure.

The firm says that account monitoring had not detected any activity to indicate that accounts had been impacted, and added that it is now working with the Data Protection Commission and Irish police on the matter. It advises customers to “review other sites where they use the same prompted question and answer as a security measure and update where appropriate.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews